Download our in-depth report: The Ultimate Guide to IT Security VendorsAs details unfold about the massive cyber security crack at a payment processing company that exposed more than 40 million credit card accounts, security experts, legislators and corporate IT administrators are jockeying about ways to fix the leaky data problem.
The data breach, another in a growing list of data leaks involving scams and absent-minded workers, is believed to be the largest to date. It happened when intruders exploited software security vulnerabilities at CardSystems Solutions, MasterCard International spokeswoman Jessica Antle told internetnews.com.
Now, in addition to an FBI criminal investigation into the case, the Federal Financial Institutions Examination Council (FFIEC), a group composed of five federal banking regulators, has launched an investigation into CardSystems Solutions.
A spokesperson for the FFIEC said the investigation is expected to last two weeks.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Nearly 70,000 MasterCard account numbers were especially at risk because they were kept in a file exported from CardSystems' database, Antle said.
MasterCard's security team discovered abnormal usage patterns on certain cards after their fraud monitoring system received a recent report from card-issuing banks.
CardSystems said in a statement that it alerted theFBI to the possibility of a security hole in May.
''We understand and fully appreciate the seriousness of the situation. Our goal is to cooperate fully with the FBI to complete the investigation and ensure that we do nothing that might compromise the investigation.''
The probe also found that the Atlanta-based payment processor did not meet MasterCard's security regulations. CardSystems should not have held onto MasterCard's records, and later compounded the problem by storing the transaction data in unencrypted form, Antle said.
As of Tuesday the FBI still was not commenting on the investigation.