UPDATE: System break-in nets info on eight million credit cards

A computer hacker, or hackers, has gained access to the credit card numbers of as many as eight million credit card customers.

As a result, information was stolen from more than 2.2 million MasterCard International Inc. accounts and approximately 3.4 million Visa USA Inc. cardholder accounts, according to those companies. American Express and Discover Financial Services also joined that list on Wednesday.

The amount of stolen numbers was on Tuesday estimated to be approximately five million, but as of Wednesday that number has climbed. Of the eight million stolen, reports indicate that approximately 100,000 of these are Canadian card numbers.

The theft occurred when the system of a company that processes credit card transactions for merchants was broken into, according to statement released by Visa U.S.A.

Systems operated by Visa and MasterCard were not compromised, and both companies said they have contacted all the financial institutions affected by the theft.

No information was available about which banks were affected by the theft, but a Visa spokesperson said that none of the stolen Visa account information has been used fraudulently.

MasterCard is continuing to investigate whether the account information has been used to make purchases, according to Sharon Gamsin, vice-president of global communications at MasterCard.

Neither Visa nor any of the other companies involved would identify the company that was hacked, nor would they provide information on how the theft occurred, citing security concerns.

MasterCard became aware of the security breach during the week of Feb. 3, Gamsin said.

Visa and MasterCard, like other credit card companies, use third-party companies to manage credit card transactions between merchants and the financial institutions that issue the credit cards.

Those companies transfer money to a merchant’s account and manage any transaction fees, according to a Visa spokesperson. In Canada, these transactions are ususally handled by banks.

In the U.S., the FBI’s Cybercrime division is also investigating the theft, according to Cybercrime division spokesperson Bill Murray.

The decision about whether to cancel a credit card account or merely flag it for possible fraud is up to the financial institutions that issued the card, according to Gamsin.

Both Visa and MasterCard offer zero liability policies, which absolve cardholders of responsibility for unauthorized purchases.

Cardholders who discover that their account has been used fraudulently should contact the financial institution that issued the card, Gamsin said.

– With files from IT World Canada Staff