The-Hogs.net - Washington Football Discussion, Redskins to Commanders Era

Viewed by the numbers, it's the largest security breach made public in recent memory.

An "unauthorized individual" infiltrated the computer network of a third-party payment processor and may have stolen up to 40 million credit card numbers, MasterCard International revealed Friday. All brands of credit cards were exposed in the attack; about 14 million of the 40 million accounts exposed were MasterCard accounts, the firm said.

MasterCard spokeswoman Jessica Antle said other important personal information, such as Social Security Numbers and birthdays, was not stolen during the incident.

MasterCard pinned the blame on Tucson, Ariz.-based CardSystems Solutions Inc. In a statement issued late Friday, CardSystems confirmed it suffered a "security incident" on May 22.

"We understand and fully appreciate the seriousness of the situation," the statement, which was signed by marketing director Bill Reeves, said. "We are sparing no effort to get to the bottom of this matter. Our goal is to cooperate fully with the FBI to complete the investigation."

CardSystems did not answer other questions posed by e-mail and did not return telephone calls.

On its Web site, CardSystems says it performs transactions for more than 100,000 small companies with more than $15 billion in Visa, MasterCard, American Express and Discover transactions processed annually.

Visa USA acknowledged in a statement that some of its credit card accounts were also compromised in the incident; it did not reveal how many. Judy Tenzer, a spokeswoman for American Express, confirmed a small number of its customers were also caught up in the breach. Discover did not immediately return phone calls seeking comment.

MasterCard officials say they discovered the fraud and traced it to a problem at CardSystems. CardSystems, in its statement, indicated it discovered the incident and voluntarily reported it to the FBI and the credit card associations.

CardSystems also would not confirm the number of accounts placed at risk by the intrusion, pegged at up to 40 million by MasterCard.

"MasterCard International is notifying its member financial institutions of a breach of payment card data, which potentially exposed more than 40 million cards of all brands to fraud," MasterCard's statement said.

CardSystems was fingered by MasterCard after it spotted fraud on credit card accounts and found a common thread, tracing it back to CardSystems, MasterCard said.

"Through the use of MasterCard fraud-fighting tools that proactively monitor for fraud, MasterCard was able to identify the processor that was breached," the company said in its statement.

MasterCard spokeswoman Sharon Gamsin said a computer virus was not to blame for the data theft. She said she couldn't provide details of how the systems were hacked, but did say that "an unauthorized entity put a specific code into CardSystems' network," enabling the person or group to gain access to the data. She wouldn't say how long attackers had access to CardSystems computers.