Mastercard Inc. has confirmed its German loyalty
program partner Priceless Specials has been breached, exposing information from
the accounts of 90,000 consumer customers.
The breach, which the credit card company said in a
statement “resulted in the unauthorized distribution of certain information,”
was discovered August 19. The incident affects mostly German customers,
according to the Belgian Data Protection Authority.
“The data breach revealed information such as
names, payment card numbers, email addresses, home addresses, phone numbers,
gender and dates of birth,” said
the regulator, which “is working closely
with its Hessian counterpart and the other competent authorities to defend the
interests of the persons affected by this incident.”
Belgian DPA Chairman
David Stevens said his agency has “received
a lot of questions and complaints since the announcement of this incident” and has
“contacted MasterCard in order to get additional information.”
Mastercard said it was “taking every possible step to investigate and resolve the issue,” including informing and supporting cardholders. The company has moved to remediate the breach, shutting down the German Specials program website.
“The focus on whether or
not user or card information was lost is misplaced,” said Matt Keil, director
of product marketing at Cequence Security. “We’ve seen Loyalty
points fraud as a result of an account take over result in losses in the
millions. Attackers turn points into cash, products or services – at the
expense of someone else.”
Kell said that while “users
have become numb to the constant theft of their information, the loss of points
is tangible and may have a direct impact on the card holders’ ability to travel
or buy a present for loved ones.
Losing “loyalty points
through account take overs will have a greater impact on user satisfaction than
losing their personal information,” he contended.