In news reports breaking today, Visa and MasterCard are warning banks in the US about a massive data breach that involves more than 10 million payment cards, including full magnetic stripe data. The data breach reportedly took place between January 21, 2012 and February 25, 2012. While details are still pending, the breach is being characterized as “massive.”
While the PCI DSS has been in place for almost seven years, with the card brands introducing individual programs years prior to that, the latest breach demonstrates the difficulty that comes with the constantly evolving threat landscape. The motives, as well as the means, to commit data breaches have changed significantly over the years since PCI DSS became mandatory. One thing that remains constant, however, is the need to remove the value from data, thereby reducing the risk to the company or organization should the network be compromised. The best way to accomplish that remains strong encryption coupled with enterprise key management.
As the details are yet to emerge, it is not appropriate to speculate as to the cause of the breach or how it was perpetrated. It does highlight, though, the ongoing need to ensure proper data protection. Stay tuned for more details ...