GDPR will definitely bite MasterCard on a breach of 90,000 German customer’s data including names, addresses and partial credit card numbers. And there are reports of an additional, unidentified list, circulating with full credit card numbers. As with other recent breaches, it appears a third-party vendor was trusted with the data, and then proceeded to treat the data in an untrustworthy way.

In a statement, MasterCard said,

Mastercard was alerted to a problem related to our Priceless Specials platform. We take privacy very seriously and are investigating this problem with great urgency. As a precaution we have closed the Priceless Specials platform immediately. This issue has no effect and is not related to MasterCard’s payment network.

However it’s unclear what data the third-party actually had — while the payment network may be secure, the broader ecosystem of data and privacy is not. It’s likely that the unnamed third party will be held accountable, MasterCard will undoubtedly be facing fines and customer confidence issues.

More news can be found here:

Data breach at Mastercard expands
https://www.en24.news/2019/08/data-breach-at-mastercard-expands.html

Germany: hacking data from 90,000 Mastercard customers
https://www.tellerreport.com/news/2019-08-22—germany–hacking-data-from-90-000-mastercard-customers-.BkxIpAb3ES.html

Mastercard Says User Data Breached in German Loyalty Program
https://www.morningstar.com/news/dow-jones/201908223471/mastercard-says-user-data-breached-in-german-loyalty-program

MasterCard says it’s investigating a data breach of German loyalty program
https://www.marketwatch.com/story/mastercard-says-its-investigating-a-data-breach-of-german-loyalty-program-2019-08-22