A US court has ordered payment processor CardSystems and its co-defendants to keep all information and evidence relating to a security breach that put 40 million credit card customers at risk of fraud.
The court hearing follows a class action launched by California cardholders in June after a security breach allowed hackers to break into the payment processor’s computer systems, compromising the security of cardholders’ payment information. It is understood that the personal details of around 200,000 customers were stolen.
The California Supreme Court in San Francisco slapped the injunction on CardSystems, Visa, MasterCard and Merrick Bank, instructing them to “refrain from destroying” and “preserve offline in a secure manner” any information that could be used to check the identities of California cardholders whose data has been compromised or accessed by unauthorised parties.
The court order is aimed at preventing the sort of document shredding that accompanied the investigation into the Enron accounting scandal.
CardSystems and the other defendants must also face a hearing on 17 August when the court will determine whether they must take responsibility for notifying affected credit cardholders of the security breach and what information could have been accessed or obtained by an unauthorised person.