Mastercard Inc. has confirmed its German loyalty program partner Priceless Specials has been breached, exposing information from the accounts of 90,000 consumer customers.
The breach, which the credit card company said in a statement “resulted in the unauthorized distribution of certain information,” was discovered August 19. The incident affects mostly German customers, according to the Belgian Data Protection Authority.
“The data breach revealed information such as names, payment card numbers, email addresses, home addresses, phone numbers, gender and dates of birth,” said the regulator, which “is working closely with its Hessian counterpart and the other competent authorities to defend the interests of the persons affected by this incident.”
Belgian DPA Chairman David Stevens said his agency has "received a lot of questions and complaints since the announcement of this incident” and has “contacted MasterCard in order to get additional information.”
Mastercard said it was “taking every possible step to investigate and resolve the issue,” including informing and supporting cardholders. The company has moved to remediate the breach, shutting down the German Specials program website.
“The focus on whether or not user or card information was lost is misplaced,” said Matt Keil, director of product marketing at Cequence Security. “We’ve seen Loyalty points fraud as a result of an account take over result in losses in the millions. Attackers turn points into cash, products or services – at the expense of someone else.”
Kell said that while “users have become numb to the constant theft of their information, the loss of points is tangible and may have a direct impact on the card holders’ ability to travel or buy a present for loved ones.
Losing “loyalty points through account take overs will have a greater impact on user satisfaction than losing their personal information,” he contended.