Mastercard disclosed a data breach to the German and Belgian Data Protection Authorities (DPA) involving customer data from the company's Priceless Specials loyalty program. The data was made available on the Internet, with customers' names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth being included in the leaked info. Mastercard says that "the incident is limited to the Specials program" and that the only payment card information leaked were the numbers of payment cards. After the data leak was discovered, Mastercard suspended the German Priceless Specials and took down its website, leaving up only a message saying that "This issue has no connection to MasterCard's payment network." "We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities," says David Stevens, Chairman of the Belgian Data Protection Authority. The breach was discovered after the loyalty program data was released on the Internet on August 19 says Mastercard. "Thereafter, we acted promptly to remove the published personal information and to protect the interests of the affected users," adds the company. "On August 21, 2019, we became aware that a second file of personal information was published on the Internet. We are working to remove them as well." Heise Media reported that it saw the Excel spreadsheets containing lists of roughly 90,000 and 84,000 rows that were distributed on the internet after Mastercard's Priceless Specials loyalty program was breached. Follow this thread on OUR FORUM.

The Internal Revenue Service (IRS) issued today a warning to alert taxpayers and tax professionals of an active IRS impersonation scam campaign sending spam emails to deliver malicious payloads. This warning was issued after the IRS received several reports from taxpayers during this week regarding unsolicited messages with "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder" subjects, coming from scammers impersonating the U.S. revenue service with the help of spoofed email addresses. "The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer's refund, electronic return or tax account," says IRS' warning. "The emails contain a 'temporary password' or 'one-time password' to 'access' the files to submit the refund. But when taxpayers try to access these, it turns out to be a malicious file." More to the point, after entering the password issued in the spam message, the targets would unintentionally download malware that could allow the malicious actors to either harvest sensitive info or take control of their victims' compromised systems. "The IRS does not send emails about your tax refund or sensitive financial information," stated IRS Commissioner Chuck Rettig. "This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on guard at all times." The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also urges users and administrators to review the CISA Tip on how to avoid phishing and social engineering attacks. This warning comes after the IRS issued a joint news release with the US tax industry and state tax agencies in late July to remind professional tax preparers that they are required by federal law to have a data security plan in place. Learn more on OUR FORUM.