Mastercard, Visa Warn of Security Breach (Update 1)
Law enforcement agencies have been notified and an independent data security organization is currently conducting a "forensic review" of the incident, Mastercard said.
The company has alerted banks regarding certain Mastercard accounts that could be at risk. Cardholders concerned whether their account is at risk should contact the issuing bank, the credit card company said.
"MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," a company spokesperson said in a statement.
He added that Mastercard's own systems have not been compromised in any manner.
Visa also confirmed that they were aware of the breach and that issuers have been notified.
"It's important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa's zero liability fraud protection policy, which exceeds federal safeguards," the company said in a statement. "As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. "
Shares of Mastercard and Visa were off by 0.67% and 0.3% respectively.
A blog post on Krebs on Security, which first reported the news, cited sources in the financial sector calling the breach "massive".
"Certainly, the headlines are not a positive for the payments space in general as far as confidence on security is concerned," KBW analyst Sanjay Sakhrani said. "However, with the limited details we have, it would seem to indicate that the systems that were breached were not those of MA or V and most likely a processor/acquirer. Recall, it is the breached entity (in this case it would appear based on press articles, the merchant acquirer/processor) that would bear the liability to the extent damages are incurred."