Mastercard revealed a data breach to the German and Belgian Data Protection Authorities (DPA) which involves the user data from the company’s Priceless Specials loyalty program.
The data leaked which includes the customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth were made available on the Internet.
Mastercard confirmed that the incident was limited to the Specials program and that the leaked payment details include only the numbers of payment cards. The access data or passwords, expiry dates of payment cards and CVC were not published.
After being aware about the data leak, Mastercard suspended the German Priceless Specials and took down its website, leaving a message stating that “This issue has no connection to MasterCard’s payment network.”
David Stevens, Chairman of the Belgian Data Protection Authority assured their users that they have contacted MasterCard to get additional information, and that they are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities.
The data breach was discovered only after the loyalty program data was released on the Internet on August 19. The company immediately acted to remove the published information and to protect the interests of the affected users.
Later, on August 21, 2019, another file of personal information was published on the Internet and the company is working to remove them as well.
Heise Media reported that it saw the Excel spreadsheets containing lists of around 90,000 and 84,000 rows that were distributed on the internet after Mastercard’s Priceless Specials loyalty program was breached.
Mastercard requested all sites that hosted the info was hosted to also delete the personal information belonging to its Priceless Specials customers.
The company has informed all potentially impacted clients about their info being leaked in the incident. Mastercard also decided to provide one-year free credit monitoring and identity theft prevention service to affected users:
All the cardholders are encouraged to review their monthly statements and inform their card issuing institution if they find anything suspicious.