What’s the matter?
Mastercard exposed Microsoft Excel spreadsheets containing lists of roughly 90,000 and 84,000 rows of customer data on the internet.
The big picture
The customer data leaked on the internet were limited to the Priceless Specials loyalty program. The data was exposed after Mastercard's Priceless Specials loyalty program was breached.
Mastercard became aware of the breach on August 19, 2019. Upon which, the organization launched an investigation on the incident and took the immediate steps to remove the leaked information. It also requested all sites where the information was published to delete them.
On August 21, 2019, Mastercard learned that the second file containing customers’ personal information was published on the Internet. It is currently working to remove them as well.
What information was exposed?
The exposed information includes customers' names, dates of birth, gender, email addresses, phone numbers, home addresses, payment card numbers, and the time of first registration with Priceless Specials.
However, no access data, passwords, or payment card details such as expiration date and CVV numbers were published.
What was the response?
Mastercard suspended the German Priceless Specials loyalty program and took down its website, leaving a message that says “This issue has no connection to MasterCard's payment network”.
“We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities,” David Stevens, Chairman of the Belgian Data Protection Authority said.