A security breach at a company which processes credit card transactions has exposed an estimated 40 million credit cards of to potential fraud in the biggest privacy violation ever reported, Mastercard International has announced.
MasterCard, the second-biggest credit card group behind Visa, said about 13.9 million of the payment cards at risk are MasterCard-branded cards.
"We have spotted some fraud ... but it's proportionately very small," MasterCard spokeswoman Jessica Antle told journalists, declining to provide monetary estimates of the extent of the fraud.
Antle said credit card information with names, account numbers and expiration dates of about 70,000 MasterCard credit card holders had so far been found to have been taken out of a database system run by CardSystems Solutions Inc., which processes transactions for MasterCard.
Antle said any card holders who had been hit by fraud due to the data breach would not be held liable for any charges made on their accounts.
CardSystems, which has been in business for about 15 years, processes more than $15 billion (€12.1 billion) annually in transactions made online and with credit card issuers Visa, MasterCard, American Express, and Discover, according to the company's Web site.
Antle said the data compromised in CardSystems' database was names, account numbers and card expiration dates, but not social security numbers and home addresses. Social security numbers, dates of birth and the like are not stored on MasterCard cards, the company said.
MasterCard learned about the breach in late May and said it immediately notified its financial members so they could take measures to protect their cardholders. The FBI was also informed and launched an investigation that continues, Antle said.
Antle could not say, citing the ongoing investigation, if the breach was by a CardSystems' employee or by a possible computer hacker outside the company.
The estimated 40 million credit cards exposed exceeds the population of California, the most populous US state.
"It sounds like the Guinness Book of World Records here," said Richard Smith, a leading computer privacy activist who runs a Web site called ComputerBytesMan.com.
There are 1.1 billion credit cards in circulation in the United States, according to the Nilson report which tracks the credit card industry.