June 30, 2005
Jefferson City, Mo. — Attorney General Jay Nixon has joined attorneys general from across the nation in calling upon CardSystems Solutions — the target of a security breach that compromised the personal financial information of millions of credit card holders — to give an accounting of the extent of the information that was stolen, and how the company will prevent similar breaches in the future.
The letter, coming in the wake of news reports of the security breach, was sent to Linda P. Ford, senior vice president and legal counsel for CardSystems in Tucson, Ariz. The letter states: "...your company may have violated provisions of the Payment Card Industry Data Security Standard, a set of security requirements for merchants and payment processors that includes implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy. This is unacceptable."
Estimates indicate that as many as 22 million Visa card holders and 14 million MasterCard holders may have been exposed to the security breach, which occurred in late May.
"In this information age — where the exposure of an individual's personal financial information could have dire consequences — a company using less than the most secure means to safeguard that data is irresponsible," Nixon said. "These customers deserve an immediate accounting, and deserve assurances that it will not happen again."
Specifically, CardSystems is being called on to: