Published March 30, 2012
DEVELOPING: MasterCard is investigating a possible breach of cardholder account data involving a U.S.-based payment processor, the company said Friday.
"As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk," the Purchase, N.Y., credit-card company said in a statement.
Law enforcement officials have been notified of the matter and an "independent data security organization" is conducting an ongoing forensic review. The U.S. Secret Service is investigating the breach, a spokesman said Friday.
The company is alerting card-issuing banks regarding "certain MasterCard accounts that are potentially at risk."
"MasterCard's own systems have not been compromised in any manner," the statement continued.
A MasterCard spokesman declined to say how many cards may have been compromised or how many banks it is notifying, the Wall Street Journal reports.
The breach was first reported early Friday by Krebs On Security, a blog by former Washington Post reporter Brian Krebs. The blog also reported that Visa was also notifying banks about a breach involving a third-party payment processor.
Representatives for Visa couldn't immediately be reached for comment Friday morning, the Wall Street Journal reports.
Visa and MasterCard do not lend or issue cards to consumers, but instead process transactions for banks that issue their cards and those that handle transactions for merchants.
Representatives of several banks, including Bank of America Corp. and J.P. Morgan Chase & Co., either couldn't be reached for comment or declined to comment Friday morning, the newspaper reports.
MasterCard said it will "continue to both monitor this event and take steps to safeguard account information."
Cardholders concerned about their accounts should contact the banks that issued them their cards, MasterCard said.
Sources at two major financial institutions told Krebs on Security that most of the cards they analyzed were apparently used in New York City-area parking garages.
U.S. card issuers' total losses from credit- and debit-card fraud is an estimated $2.4 billion per year, according to a Consumer Reports article in June. Including merchants, credit card fraud costs U.S. establishments $52.6 billion annually, according to March 2011 Federal Reserve statistics.
In 2008, a group of hackers breached the network of Princeton, N.J.-based payment processing giant Heartland Payment Systems, which processed transactions for restaurants, retailers and other merchants. Data from more than 100 million credit and debit cards were stolen.