TAGGED:
From: compromise@coop.org
Sent: Thursday, February 12, 2009 1:11 PM
To: Corporate Services
Subject: Compromised Account Notification - US-2009-123y-IC
CO-OP has received a compromise alert.
Alert ID: US-2009-123y-IC
Type of Compromise: Expiration Date, Account Number
You may retrieve your compromised account list by logging into Springboard (https://springboard.tmg.global) and accessing the Springboard Compromised Account Report (Manage/Reporting/Dynamic Report Search/Compromised Account Report). You can also view the accounts directly within the response form on the Compromised Accounts app in Springboard (Manage/Fraud/Search Compromises)
After reviewing the Springboard Compromised Account Report or your affected accounts within the app, you must respond to the alert through the Compromised Accounts app. By filling out this form you will be giving CO-OP permission to complete the actions you have specified on that set of accounts. (Manage/Fraud/Search Compromises)
***Please be advised that this is one of many CAMS distributions related to this incident. You may or may not have impacted accounts in the previous or future distributions.*** Case Number: US-2009-123y-IC Date: February 12, 2009 Entity Type: Acquirer Processor Data Elements at Risk: - Track 1 Data: No - Track 2 Data: No - Account Number: Yes - Cardholder Name: No - Cardholder address: No - Expiration Date: Yes - CVV: No - CVV2: No - Fraud Reported: Yes, elevated fraud
rates on this event Data storage time frame: February 2008 through November 2008 Visa Fraud Control & Investigations has been notified of a confirmed network intrusion that may have put Visa account numbers at risk. The reported incident involves confirmed unauthorized access to a U.S. acquirer processors settlement system of stored transaction information that included Primary Account Numbers (PANs) and expiration dates. No magnetic stripe track data has been identified at risk in this alert. Fraud analysis has revealed elevated card-not-present fraud rates on this incident. Even though it is not known if any account information was actually removed during the intrusion, we must still consider the data to be at risk because of the elevated fraud. Based on the forensic investigative findings, the entity began storing PANs and expiration dates in February 2008. The attached file consists of accounts that currently have an active expiration date. The forensic investigation is ongoing. Any new material information will be provided in a CAMS update to better assist you with fraud and risk mitigation. In the meantime, please review your listed accounts at
www.visaonline.com and take the necessary steps to prevent fraud and safeguard your cardholders.While assessing the appropriate action to take, you may want to review the compromised account best practices document located on https://www.us.visaonline.com/us_riskmgmt/training_materials/issuers_cardholders.asp. Disclaimer Information: This information is provided as an advisory service only and is intended solely for the addressee.
Access to this information by any one else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution is prohibited and may be unlawful. The author and Visa Inc. accept neither responsibility for the accuracy of this information nor any subsequent investigative action or otherwise taken by any individual cardholder based on the information provided herein. This advisory is based on information provided to Visa Inc. by merchants, acquirers, third party processors and law enforcement. Visa Inc. accepts no responsibility for the information and advises Visa cardholders to obtain separate verification. Any action(s) taken by a Visa cardholder based on this information is entirely at the cardholder’s own discretion.
If you have any questions regarding this compromise, please email Cards Risk Management at compromise@tmg.global.
This is intended only for the use of the person to whom it is addressed. This information must only be accessed by the intended recipient. If you are not the intended recipient, any dissemination, distribution, copying or use of this document is strictly prohibited. If you have received this communication in error, please contact Cards Risk Management at compromise@tmg.global.
Please do not respond to this email. If you have any questions they should be directed to compromise@coop.org.
From: _MCAgent [mailto:_MCAgent@Mastercard.com] On Behalf Of MasterCard Alerts Administrator
Sent: Tuesday, May 12, 2009 11:26 AM
To: MCAgent
Subject: MCA1234-EU-56-7 Account Data Compromise Alert
MasterCard Alerts - Account Data Compromise Notification
MasterCard Worldwide has been notified of a situation in which MasterCard payment accounts have been exposed to possible compromise.
Please access www.mastercardonline.com and navigate to the MasterCard Alerts product to pick up your accounts.
Case Number MCA1234-EU-56-7
ICA 1234 18 accounts
This is a general advisory for your information only. MasterCard Worldwide accepts no responsibility for the accuracy of this information and advises MasterCard cardholders to obtain separate verification. Any action(s) taken by a MasterCard cardholder based on this information is entirely at the cardholder’s own discretion.
Background Information:
The MasterCard Fraud Management department continues its investigation of a security breach of a Switzerland based merchant as previously reported in MasterCard Alert case numbers MCA0243- EU-09 dated March 6, 2009, MCA1234-EU-56-7 dated May 8, 2009, and MCA1234-EU-56-7 dated May 12, 2009.
The previous Alert case numbers MCA1234-EU-56, MCA1234-EU-56-7, and MCA1234-EU-56-7 disclosed the payment account numbers of MasterCard accounts that were exposed to compromise as a result of this event. MasterCard has been advised these MasterCard accounts were used in transactions at the subject merchant between October 11, 2008 and February 23, 2009. The magnetic stripe data of these accounts is considered to be at risk.
During the course of the ongoing investigation and risk remediation efforts, MasterCard received new information indicating that additional payment accounts were exposed to compromise as a result of this event.
This Alert notification discloses the payment account numbers of additional MasterCard accounts that were exposed to compromise as a result of this event. MasterCard has been advised these accounts were used in transactions at the subject merchant between October 11, 2008 and February 23, 2009. The account number of these accounts is considered to be at risk.
An issuer’s account numbers may appear in one or multiple of the Alert notifications.
A data security firm has been engaged to conduct an onsite forensic investigation and to secure the merchant’s computer network. MasterCard will continue to monitor and attempt to remediate risk associated with this event.
Based on the above information, payment account information has been exposed to possible compromise.
Customers are encouraged to assess their individual situation and exercise appropriate procedures to address potential risk from this event.
Customers are encouraged to retain these potentially compromised payment account numbers in a readily-accessible manner for future reference. Customers must also retain, for future reference, the issuing Customer ID/ICA number under which this MasterCard Alert was received by the customer.
For additional information regarding Account Data Compromise Events, please refer to section 10.3 of the MasterCard Security Rules & Procedures manual.
Disclaimer Information
This information is provided as an advisory service only. It is intended solely for the addressee. Access to this information by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The author and MasterCard Worldwide accept no responsibility for the accuracy of this information nor any subsequent investigative action or otherwise taken by any individual cardholder based on the information provided herein. This advisory is based on information provided to MasterCard Worldwide by acquirers, merchants, and law enforcement. Any action(s) taken by a MasterCard cardholder based on this information is entirely at the cardholder’s own discretion.
From: VisaRiskManager@visa.com [mailto:VisaRiskManager@visa.com]
Sent: Tuesday, May 12, 2009 1:30 PM
To: visariskmanager@visa.com
Cc: visariskmanager@visa.com
Subject: Case Number US-2009-123a-IC
Case Number: US-2009-123a-IC
Date: May 12, 2009
Data Elements at Risk:
- Track 1 Data: unknown
- Track 2 Data: Yes
- Cardholder Name: unknown
- Expiration Date: Yes
- CVV1-Yes
- Account Number: Yes
- PIN:: Suspected
Exposure Window: September 1, 2007 to March 30, 2008
Visa Fraud Control and Investigations has been notified by Visa Central Europe, Middle East and Africa region of a possible ATM intrusion that may have put Visa accounts at risk. Investigators have detected harmful virus software, embedded in several ATMs in Ukraine, which allows fraudsters to get track data and PIN without mounting external skimming devices. From the information available, customer data may have been exposed on transactions conducted between September 1, 2007 and March 30, 2008.
The investigation is ongoing and this information may be amended as new details arise.
Should you require further information or clarification please contact Visa CEMEA at CEMEAFraudControl@visa.com, and reference case number CE-2009-123a-IC.
Please review your listed accounts at www.visaonline.com and take the necessary steps to prevent fraud and safeguard your cardholders. While assessing the appropriate action to take, you may want to review the compromised account best practices document located on https://www. us.visaonline.com/us_riskmgmt/training_materials/issuers_cardholders.asp.
Disclaimer Information: This information is provided as an advisory service only and is intended solely for the addressee. Access to this information by any one else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution is prohibited and may be unlawful. The author and Visa Inc. accept neither responsibility for the accuracy of this information nor any subsequent investigative action or otherwise taken by any individual cardholder based on the information provided herein. This advisory is based on information provided to Visa Inc. by merchants, acquirers, third party processors and law enforcement. Visa Inc. accepts no responsibility for the information and advises Visa cardholders to obtain separate verification. Any action(s) taken by a Visa cardholder based on this information is entirely at the cardholder’s own discretion.
Click below to access the printer-friendly version.
PDF (Entire Guide) PDF (This Section)
