Editor’s Note: The Federal government makes extensive use of payment cards.
Law enforcement officials are investigating what appears to be a massive theft of U.S. consumers’ credit card data, MasterCard confirmed Friday. The computer security expert who first reported the theft said it might involve 10 million MasterCard and Visa accounts, making it one of the largest credit card heists in recent memory.
“MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk,” the association said in a statement. “Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization.”
The theft was first reported by well-known computer security journalist Brian Krebs on his blog, KrebsonSecurity.com. Krebs said the crime involves compromise of a credit card payment processor — a “middle man” that ushers transactions between retailers and banks. The name of that institution is unknown, but processors have long been a target of identity thieves because of the enormous amounts of data they control. In 2008, Princeton N.J.-based Heartland Systems was hacked, exposing tens of millions of credit card account numbers to theft.
Krebs reported that hackers had access to the unknown processors data from Jan 21 through Feb 25, and was able to siphon off enough data that they could use it easily to create counterfeit cards. His sources called the leak “massive.”
Gartner security expert Avivah Litan said she’s been told that the stolen data is already being used on the street by identity thieves.
“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently,” she said.
She’s been told that investigators believe the data theft originated in New York City.
“From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card — be sure to check your card statements for possible fraud,” Litan said in her blog post on the topic.
MasterCard said none of its computers were hacked as part of the incident.
“MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information,” the association added in its statement. “If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution … It is important to note that MasterCard’s own systems have not been compromised in any manner. “