Netcraft: Lax Security Cited in Massive Credit Card Data Theft

Inadequate security at credit card processor CardSystems Solutions Inc. is being blamed for a break-in that has exposed more than 40 million credit card accounts to potential theft. The company says the system compromise was discovered May 22, after a MasterCard inquiry into a wave of fradulent transactions.

MasterCard International said it "worked with CardSystems to remediate the security vulnerabilities in the processor's systems. These vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data." Officials at affected institutions were not specifying the vulnerability and exploit used to breach CardSystems' security. The CardSystems web site runs on the Windows 2000 operating system and Microsoft IIS Server 5.0.

Oh joy, a credit card processing company had an insecure Windows machine running Microsoft's IIS webserver, it got owned by some haxor who stole credit card data for 40+ million accounts that belong to regular ol' people who didn't do anything wrong. That's just effing super.