Huge security breach for German credit cards
Published: 13 Dec 2008 10:14 GMT+01:00
Updated: 13 Dec 2008 10:14 GMT+01:00
Detailed and sensitive bank information of tens of thousands of German credit card customers have been stolen in what investigators have described as the worst ever case of data theft in the country.
Microfilm containing the extensive data was sent to the Frankfurter Rundschau newspaper anonymously in the post, causing investigators to question the security procedures of the bank concerned.
The data was simply sent in a cardboard box, addressed to the editorial office. When they opened it, journalists found a mess of open envelopes containing secret numbers and other data, and pieces of microfilm – prompting them to scramble for strong magnifying glasses to read what was there.
Not only the account numbers but also credit card details such as PIN numbers and details of payments were among the stolen data.
And although the data was from the Landesbank Berlin, because it is the country’s biggest issuer of credit cards, customers from all sorts of institutions up and down the country have been affected.
The paper says it has details of credit card bills detailing full names of the customers, addresses, bank account numbers, credit card numbers and every payment and transfer.
The data is from this year, it says, with purchases dating from as recently as August.
People holding the following credit cards are among those affected - Amazon Visa, White Lable Premium, various ADAC visa and master cards, LBB cards and even the Xbox classic card.
“This is a scandal of considerable scale,” Alexander Dix, the Berlin state data security representative. “The investigating authorities must act.” He said the idea of sending packages of microfilm in the post was particularly odd, he added. “That is a method of data storage which belongs to the last century.”
A spokesman for his federal counterpart Peter Schaar told the paper, “The diversity and actuality of the data is unimaginable. I would not have considered such a thing to be possible.”
The question was also raised of where else the data might have been sent. “It is possible that the same packet could have been offered for sale,” the spokesman said.
He also said it was surprising that the Landesbank stored such material on microfilm “This is a very strange thing. It does not meet the latest security standards.”
The Landesbank Berlin works with the financial services provider Atos Worldline to administer the credit cards. The cardboard box also included a bill for €71,400 – from Atos to the Landesbank.
Hundreds of thousands of credit card bills are moved between the Landesbank and Atos but, as the Frankfurter Rundschau described it, “This time something went wrong.”
It said both companies were taken by surprise when contacted by reporters and vowed to investigate immediately.