Security & Fraud

Visa And Mastercard Warn Of 200K Vulnerable Credit Cards From Equifax Leak

Mastercard new logo

Visa and Mastercard are warning financial institutions across the country that more than 200,000 credit cards were compromised during the Equifax hack.

KrebsOnSecurity broke the news of the confidential alerts, which suggest that hackers initially breached Equifax in November 2016. In fact, Visa said in a non-public alert sent this week that the “window of exposure” for the cards stolen in the Equifax breach was between November 10, 2016 and July 6, 2017. A similar alert from Mastercard included the same date range.

However, Equifax says the accounts were all stolen at the same time, when hackers gained access to the company’s systems in mid-May 2017.

“The attacker accessed a storage table that contained historical credit card transaction related information,” the company said in a statement to KrebsOnSecurity. “The dates that you provided in your e-mail appear to be the transaction dates. We have found no evidence during our investigation to indicate the presence of card harvesting malware, or access to the table before mid-May 2017.”

Both Visa and Mastercard frequently send alerts to banks issuing cards when specific credit and debit cards may have been compromised in a data breach. Typically, the alerts don’t include the specific company involved in the security issue. In this case, however, Equifax was specifically named as the source of an eCommerce card breach.

“The investigation is ongoing and this information may be amended as new details arise,” Visa said in its confidential alert, linking to the press release Equifax initially posted about the breach on Sept. 7, 2017.

Visa revealed that the data elements stolen in the cyberattack included card account numbers, expiration dates and cardholders’ names – information that can be used to conduct eCommerce fraud at online merchants and perform identity theft.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.