DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update, Iowa – MasterCard issues local security alert

Posted on November 2, 2011 by Dissent

Bob Eschliman reports more on a recent breach disclosure in Iowa:

The MasterCard Fraud Management department has been notified of a security breach of a U.S. merchant’s network. A data security firm has been engaged to conduct an onsite forensic investigation. This alert discloses the payment account numbers of MasterCard accounts that were potentially exposed to compromise.

Preliminary investigations indicate that magnetic stripe data is at risk.

This alert contains account numbers used in transactions at the subject merchant from November 2, 2010 through April 20, 2011.

What I find intriguing is that no other bank in the area has indicated that they have been notified of the merchant breach.

That’s also a long time for the network to have been breached without the merchant realizing it, although sadly, it’s not particularly uncommon.

Read more on Clarinda Herald-Journal.

Category: Breach IncidentsBusiness SectorHackU.S.

Post navigation

← A low act of hacking and dumping accounts, kidneytimes.com database dumped
(Update, TX) Tyler Chicken Express Employee Sentenced for Skimming Cards →

2 thoughts on “Update, Iowa – MasterCard issues local security alert”

  1. Rickajho says:
    November 30, 2011 at 4:44 am

    Unfortunately the story you are linking to is no longer available. The newspaper went to “pay for” only site access.

    Regardless, I’ve been caught up in all this hinkiness twice in the last 90 days. First it was fraudulent charges on a BoA issued MasterCard in September. And in November the same problems popped up on my Citibank MasterCard. As a consumer I am not amused.

    The experience with both credit card issuers was eerily similar: They knew the charges were somehow “wrong” and reversed them before I was even contacted. They said I would receive a fraud affidavit which I needed to sign and return – which they never sent. And almost verbatim, customer service reps at both banks said they did not know what was going on, and even if they did they couldn’t give me details. Yeah, right…

    MasterCard and the issuing banks should not underestimate the annoyance this is causing the consumer. And taking a “speak no evil” approach isn’t helping. Somebody knows something is seriously wrong. If account data is known to be stolen then dammit, get ahead of it despite the costs and get new cards/accounts out there before it becomes a royal PITA for the customers. This is the very stuff that is known to cause consumers to say “No thanks” to receiving a replacement card/account. I have plenty of credit elsewhere. I don’t *need* MasterCard.

    Sooner or later people are going to yowl if the size of this problem becomes huge, one customer report at a time. Right now, I’m annoyed enough to start calling radio and TV stations and seeing if anyone bites on the story. Because having 2 MasterCard accounts frauded in 90 days really bites.

    1. admin says:
      November 30, 2011 at 7:11 am

      In most cases, the banks really do not know the source of the breach. All they know is that MasterCard (or Visa) gives them a list of account numbers to flag. They can’t tell us what they do not know. And it may take MC and Visa time to pinpoint the common point of compromise. So I suspect there will always be cases where at least some customers experience what you did before a breach is pinpointed and their system secured. Look how long it took to nail down the Heartland breach. Fraudulent charges were showing up in the Fall of 2008 and yet Heartland was unable to confirm a breach until January 2009.

      I’ve had this disclosure argument/discussion with Visa a few times in recent years. Their position is that they have no direct contract with the consumer and so have no obligation to tell us what merchant was involved. They also argue that they cannot/should not disclose if the merchant hasn’t disclosed. In other words, if the merchant doesn’t disclose, we may never find out for sure where a merchant breach was.

      One of the benefits of a national data breach disclosure/notification law would be that we would presumably learn where a breach occurred. And I think that’s a good thing for consumers. If the FTC can tell Facebook they have to be more transparent as a business practice, why don’t merchants have to be more transparent if they’ve had a data breach?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.