Mastercard disclosed a data breach to the German and Belgian Data Protection Authorities (DPA) involving customer data from the company’s Priceless Specials loyalty program.
The data was made available on the Internet, with customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth being included in the leaked info.
Mastercard says that “the incident is limited to the Specials program” and that the only payment card information leaked were the numbers of payment cards.
After the data leak was discovered, Mastercard suspended the German Priceless Specials and took down its website, leaving up only a message saying that “This issue has no connection to MasterCard’s payment network.”
The breach was discovered after the loyalty program data was released on the Internet on August 19 says Mastercard.
Based on the facts known at this time, the following personal information is affected: payment card number, title, name, date of birth, gender, mailing address, e-mail address and telephone number and the time of first registration with Priceless Specials. Neither access data nor passwords were published. The expiration date of payment cards and the check digit (CVC) were also not published.
Exposure of sensitive information