[JURIST] MasterCard [corporate website] announced late Friday that a security lapse at CardSystems Solutions [corporate website], a third-party processing company in Tuscon, Arizona, has potentially exposed more than 40 million cards to fraud, and that it has notified banks of the problem. Some 13.9 of the cards affected carry the MasterCard brand. In a statement, Mastercard said that "vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data", although it emphasized that "[n]o highly sensitive information, such as social security numbers or dates of birth or the like, are stored on MasterCard cards." The statement did not identify who the "unauthorized individual" was or is thought to be.
Credit card fraud [MSNBC report] and identity theft [MSNBC report] have become major consumer concerns in recent months, dramatically heightened by dangers associated with hacker exploitation of online systems. On Thursday, the US Senate Commerce Committee held a hearing [prepared testimony; recorded audio] to examine federal legislative solutions to data breach and identity theft. MasterCard said in its statement that it was urging Congress
to enact wider application of Gramm-Leach-Bliley [FTC backgrounder], the act that includes provisions to protect consumers' personal financial information held by financial institutions. Currently, GLBA only applies to financial institutions providing services to consumers, including MasterCard. MasterCard urges Congress to extend that application to also include any entity, such as third party processors, that stores consumer financial information, regardless of whether or not they interact directly with consumers.
Read the full MasterCard press release