CardSystems must retain security-breach data, rules court


CardSystems must retain security-breach data, rules court

Tash Shifrin

A US court has ordered payment processor CardSystems and its co-defendants to keep all information and evidence relating to a security breach that put 40 million credit card customers at risk of fraud.

The court hearing follows a class action launched by California cardholders in June after a security breach allowed hackers to break into the payment processor’s computer systems, compromising the security of cardholders’ payment information. It is understood that the personal details of around 200,000 customers were stolen.

The California Supreme Court in San Francisco slapped the injunction on CardSystems, Visa, MasterCard and Merrick Bank, instructing them to “refrain from destroying” and “preserve offline in a secure manner” any information that could be used to check the identities of California cardholders whose data has been compromised or accessed by unauthorised parties.

The court order is aimed at preventing the sort of document shredding that accompanied the investigation into the Enron accounting scandal.

CardSystems and the other defendants must also face a hearing on 17 August when the court will determine whether they must take responsibility for notifying affected credit cardholders of the security breach and what information could have been accessed or obtained by an unauthorised person.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy