Mastercard has joined the growing list of high-profile brands which have been hit by a data breach after the credit card giant fessed up to EU data protection regulators about an issue which has affected thousands of members of its loyalty programme.
According to the Belgian Data Protection Authority, the company noticed on August 19 that customer data from the “Priceless Specials” loyalty scheme had been posted online for “a certain period of time”.
It added that names, payment card numbers, email addresses, home addresses, phone numbers, gender and dates of birth of a “large number” of customers had been compromised. Mastercard admitted that a “significant portion” of the victims are German.
The Belgian authorities were notified because the company has its regional headquarters in Waterloo, in the province of Walloon Brabant.
In a statement to Bloomberg, Mastercard insisted the breach “has no connection to Mastercard’s payment transaction network”, adding that “there was an event involving the Specials loyalty platform in Germany, managed by a third-party vendor, which resulted in the unauthorised distribution of certain information”.
Belgian Data Protection Authority chair David Stevens said: “We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted Mastercard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities.”
UPDATE: Mastercard has released a statement, which reads: “We can confirm there was an event involving the Specials loyalty platform in Germany managed by a third-party vendor, which resulted in the unauthorized distribution of certain information. We take privacy and security extremely seriously and are taking every possible step to investigate and resolve the issue. This includes informing and supporting those cardholders affected and immediately suspending the Specials platform, among other actions. This issue has no connection to Mastercard’s payment transaction network.”
Twitter admits GDPR breach after exploiting user data
Monzo squirms again after gaffe exposes pin numbers
Capital One admits mass attack as cocky hacker is held
Top London estate agent flayed for 2-year data breach
Leicester City FC on hiding to nothing over data breach
UK firms battered by one hack attack every 50 seconds
Over 40% of firms suffered cyber breach in past year
Top tourist attractions hit by 110m data theft attacks