- After two data packs have been leaked online, MasterCard admitted the security incident.
- The information that has been breached includes names, emails, card numbers, CVC, and more.
- Affected customers have been informed and will receive identity theft protection services for free.
As reported by Heise Online, people lurking on darknet marketplaces noticed the circulation of a new dump containing about 90000 MasterCard owner details. A few days after suspicion about a possible breach raised, a second file popped up online containing customer data from the Priceless Specials program. With the pressure piling up, MasterCard admitted that their Specials program was affected by a security incident and disclosed all relevant details to the German and Belgian Data Protection authorities as they are required by law to do so.
MasterCard clarified that the data that has been leaked only concerns the numbers of the payment cards that are used in their loyalty program and claims that the incident is by no means connected to their payment network. However, they confirm Heise’s findings of the content of the leaked spreadsheets involving full names of the customers, their DoB, their email addresses, and in many cases their postal address and mobile phone numbers as well. The second file also contained the card expiration dates and the CVC numbers. The two lists that leaked concern solely German and Belgian citizens and that is why only the corresponding authorities were notified accordingly.
MasterCard has suspended the Priceless Specials program so no one can log in onto the platform for the time being. As the financial giant stated, they realized that they had sustained a breach on August 19, 2019, and they decided to launch an internal investigation immediately. Moreover, they have taken action to delete any information about their customers that was published online, and now offer free credit monitoring and identity theft protection for the affected clients. The actual number of these clients has not been disclosed by MasterCard yet, and it’s very likely that we’ll get to learn about this when the dump goes for mainstream sale.
If you are worried about this incident, you can always ask for a card replacement, or simply block the one you hold. For further actions, you may access the MasterCard “My Data Center” portal and find out what your privacy rights are and how you can exercise them. If you have been affected by this data breach, you should have already received an email from “[email protected]”. To sign up for the fraud protection services, you may send an email on the above address and ask for MasterCard’s coverage.