A security industry blog warned on Friday of a potentially “massive” data breach affecting as many as 10 million Visa and MasterCard accounts. Krebs on Security reports that “separate non-public alerts” were sent by the two payment processing networks to banks, warning them that a U.S.-based breach may have led to account information being stolen between January 21 and February 25. Krebs characterizes the data as “full Track 1 and Track 2,” meaning that the information hackers obtained could be used to manufacture new, fraudulent credit accounts.
The two companies didn’t disclose which of its processors was hacked, but Krebs reports that investigations are being conducted by affected banks to try and pinpoint the source. So far, “most” of the cards analyzed by two banks had at least one common transaction that tied them together: They were used at parking garages around the New York City metropolitan area.
The alerts were sent late last week, according to Krebs. According to the Wall Street Journal, MasterCard is telling banks with affected accounts about “certain MasterCard accounts that are potentially at risk,” and said it would “continue to monitor the event.”
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” the company said in a statement. “Visa encourages cardholders to regularly monitor their accounts” and report any suspicious activity to their bank.
Both companies were quick to stress that the hacked processor was a third party’s, not one belonging to Visa or MasterCard — although that distinction probably won’t ease consumers’ fears about the prospect of having their identity stolen.