Exposed Data From Mastercard Loyalty Scheme Breach Now Online

It has been reported that a database containing sensitive information of about 90,000 German Mastercard “Priceless Specials” loyalty program members, shared online following a breach discovered on August 20, was added to the data breach site Have I Been Pwned on September 1. Mastercard has notified German and Belgian regulators of a data breach affecting customers of its ‘Priceless Specials’ loyalty programme after discovering it on 19 August. The Belgian Data Protection Authority stated that customer data from the loyalty programme had appeared on the internet for “a certain period of time”.

Expert Comments

September 04, 2019
Felix Rosbach
Product Manager
comforte AG
Credit card data is some of the most sensitive data of all. If unprotected, fraud is easy to commit with stolen card account information. Therefore these kinds of breaches create a lot of stress on both the issuers’ side and on consumers. Even if Mastercard isn’t directly responsible as there seem to be third parties involved, the reputational damage is high. In addition to the direct costs of this breach, there might be a GDPR fine coming up. It’s crucial to protect sensitive data and therefore data privacy over the entire data lifecycle – from the POS device to processing to backup. Implementing data-centric security, which means protecting data at the earliest possible point and de-protecting it only when absolutely necessary, is the only way forward. One very effective way to protect sensitive data is to pseudonymize it. Even third parties should only use tokens instead of clear-text data to process payments and store sensitive data. If hackers get access to these tokens, the data is useless. This also reduces stress on both sides: for businesses and consumers.
