"While the scope and details of the attack are not yet known, it shows three years after the Heartland Payment Systems breach of 130 million credit card numbers that credit card data is still vulnerable," said Neil Roiter, research director at Corero Network Security. "The is highly prescriptive in nature, but simply complying does not ensure credit card security. Companies that rely on PCI DSS to solely dictate their security measures will continue to remain vulnerable to attack."
As many as 10 million users of VISA and MasterCard may have had their card numbers compromised in what sources in the financial sector are calling a "massive" breach of a U.S.-based credit card processor.
The news was first reported this morning by Brian Krebs in his .
Ted Julian, chief marketing officer of Co3 Systems, a data loss management firm, estimates the potential liability for a merchant with 1 million cards compromised could top $1.6 million from compliance fines alone.
Krebs said the two credit card firms issued non-public alerts last week to banks about specific cards that may have been compromised in a breach of the so-far unnamed processor between Jan. 21 and Feb. 25 of this year.