40 million credit cards hacked, Sophos comments

June 20, 2005 Sophos Press Release

Last Friday, it was reported that a payment-processing centre in Atlanta, Card Solutions, became the largest target of a successful hacking attack. According to media reports, the company, which authenticates credit card transactions for several major credit card companies, discovered that information was stolen, allowing unauthorised third-parties to fraudulently use the cards.

MasterCard International have reportedly claimed that more than 40 million credit card numbers have been stolen while Visa has estimated that 18 million of its customers may have been affected. The theft of these numbers has already led to fraudulent purchases.

Media reports have said that the hacker gained access using malicious software to steal the numbers.

Customers are reportedly not at risk of identity theft since information kept on credit cards is limited; the hacker allegedly did not access PIN numbers. Additionally, individual customers will not be responsible for any fraudulent transactions.

"We are seeing a worrying increase in the amount of crime being committed on computers by hackers and malicious software," said Carole Theriault. "Computers are very powerful tools that hold vast amounts of personal and confidential information. In some instances, stolen information can be very valuable. Not only is it important to practice safe computing, it is also wise to check that the companies that hold your confidential data are taking your security needs seriously."

Experts recommend that card users check their statements regularly to ensure that no fraudulent charges have been placed. If a fraudulent charge is present, victims should contact their bank and file a police report to facilitate the refund of the charges.

The FBI has been notified at the time of the breach and are currently investigating.

Concerned credit card users should contact their credit card issuers for further information.