Visa, MasterCard warn of 'massive' security breach

Visa, MasterCard warn of 'massive' security breach

Summary: U.S. banks have received warnings from Visa and MasterCard after a credit card processor was reportedly breached. The breach may involve more than 10 million compromised card numbers.


Update 2: Visa, MasterCard confirm credit card security breach

Update: Analysts on Visa, MasterCard credit card security breach

Visa and MasterCard have reportedly warned banks of a major potential breach at a U.S.-based credit card processor, but neither firm has revealed which processor had been compromised. Alerts sent out to U.S. banks late last week advised them that certain cards may have been compromised, and that full Track 1 and Track 2 data was taken, which means perpetrators got enough to counterfeit new cards.

The breach may involve more than 10 million compromised card numbers. Here's an excerpt from Krebs on Security, which broke the story and said sources in the financial sector are calling the breach "massive":

It's not clear how many cards were breached in the processor attack, but a sampling from one corner of the industry provides some perspective. On Wednesday, PSCU — a provider of online financial services to credit unions — said it alerted 482 credit unions that appear to have had cards impacted by the breach, and that a total of 56,455 member VISA and MasterCard accounts were compromised. PSCU said fraudulent activity had been detected on a relatively small number of those cards — 876 accounts — and that the activity was geographically dispersed.

The breach is believed to have occurred between January 21 and February 25, 2012. The affected banks are reportedly analyzing data transactions in the hopes of tracking down a common point of purchase. So far, most of the dodgy transactions analysed point to parking garages in and around New York City.

While it doesn't appear that either of the credit card companies were breached themselves, they should be able to offer insight into what happens next. I have contacted both Visa and MasterCard for more information and will update you if I hear back.

Update: Analysts on Visa, MasterCard credit card security breach

Update 2: Visa, MasterCard confirm credit card security breach

See also:

Topics: Hardware, Banking, Processors, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Cash, Checks, and the US Mail

    Using cash, checks or money orders, and the US mail is starting to look good again!
    • No

      If you do that, you will be put on a terrorist watch list. FBI/DoJ put out a notification saying that people who pay with cash should be looked upon with suspicion. They are even sending out such fliers to places like coffee shops, warning the owners too look out for cash payers. (Yes I am serious).
  • A third-party U.S. based processor

    Yea, a third-party U.S. based processor that outsources to China or India or God knows where else.

    This is your data on the cheap. Shoddily protected, shoddily secured.

    Don't you feel safe? ;)
    • LMFAO

      Would give you +10 if I could but +1 is gonna have to do :D
  • Credit Card Security, Card hacked?

    Please hold, You call is important to us. The next available agent will answer your call in (xxx) minutes. (Que muzak), wait while your credit score is trashed.
    • ...and while you wait

      You are caller number [click] five hundred [click] seventy [click] eight on the list. Please continue to hold. [muzak] ... [ disconnects...silence]
      • Unknown to you...

        in the background of all that patient waiting you did, your account, which was safe up to now, has now been hacked, and your credit card statement will reflect our illegal activity on your next statement in the form of whatever we want to buy at your expense.

        Thank you very much for your patronage.

        Have a good day.

        At least until your next statement comes in the mail.
  • What is their responsibility to consumers and reissuing new cards?

    Where are the card carrying consumer warnings from these card companies? Aren't we the real victims? Or is that asking for too much responsibility?
  • Since when...

    Are credit card companies holding their customers liable for this? As far as I know, they do not, and fraudulent charges are removed as soon as they are discovered. Try to get your money back the bank after a thug knocks you on the head and steals that wad of cash in your pocket.

    The system works like it's supposed to -- and protects the consumer. I had a compromised card once -- bad charges were reversed, new card arrived the next day. Very minor inconvenience compared with theft of physical money.
    • It shouldn't get to that point

      All those costs it takes to have you reimbursed gets passed on to who?

      Take a guess...
  • My Visa Just Hacked

    Visa called last Sunday to let me know there was a security freeze on my card stemming from charges to Apple iTunes in Beijing. Boo Apple for being there. Anyway, I had to get a new card and certify in a later letter I didn't do the crime. Funny thing was, they had my phone number a card security code (on the back). After reading above, not surprised. I rarely buy over the internet (mostly because I am in Canada and it costs a mint to ship and to pay taxes to here) but when I do it is software from reputable companies. Who got hacked? Not me I think. Just in case, I bought a new ssd c: drive and rebuilt my Win 7 from scratch. This is what happens when too much data is collected for profit and too little security so stockholders are happy and data is kept too long. Same old, same old story. TJMax anyone?