The epidemic of information theft, leakage, and loss continued this past weekend with the announcement by MasterCard that 40 million credit card accounts had been compromised. The breach - as always attributed to hackers first, although this may be later clarified - affected almost 14 million MasterCard accounts, with the rest belonging to Visa and other companies. The lapse in security was at a third-party processing facility (CardSystems Solutions Inc), not MasterCard itself.

The latest twist in this story, just being reported this morning, is that the third-party processing company is now admitting that they were breaking rules established by Visa and MasterCard regarding information storage. Consumer records were being stored for ‘research purposes’, according to the company’s CEO; the CEO explicitly states that “we should not have been doing that” (first reported by The New York Times). The same article also reports that CardSystems Solutions was storing the 3/4-digit verification codes that are supposed to heighten credit card security in online purchases. The presence of that information can “double or triple the black-market value of a cardholder’s account” - even more reason to question the company’s unnecessary data storage practices.

Read the rest of this entry »