I was informed today that the payment service provider RBS Worldpay had released details of a breach of cardholder data. After a small amount of investigation I found that the breach had occurred in November and around 1.5 million records were stolen.
According to a press release on the RBS Worldpay site only 100 of these cards had been misused and they have begun taken steps towards protecting all of the cardholders with fraud protection etc. I will be interested to see how much press this breach gets, perhaps the cynic in me is taking the lead here but releasing this information at this time of year might just minimise the amount of brand damage inflicted upon RBS Worldpay.
There aren’t many details available at the moment about how the data was stolen but as I know more I will post it here.
EDIT – 26th December 2008.
Well it appears that I’m the only person really covering this breach at the moment
To be honest I don’t want this data loss to be glossed over because the press release was issued at this time of year. I have submitted the dataloss information to the DatalossDB so that this breach is tracked and recorded correctly. You can see by the links I provided in the DatalossDB entry there is very little coverage of this incident at the moment.
Hopefully some of the mainstream media/prominent security news sites will pick up on this soon as well.