Discover Financial Services has notified their customers of a data breach and issued them a new card with a new security code and an extended expiration date. The company also noted that if any of the account holders experience fraud, they will not be burdened with the cost of the unauthorized purchases. Discover claims that the data breach incident did not involve their systems but a different company who they forwarded their notice to, while they are still monitoring the accounts and the associated merchant data. This element differentiates the incident from the data breach that the same company suffered last year as reported by the bleeping computer.
This time, Discover learned that a number (not specified) of their customers might have had their personal information leaked. The type of data includes critical information such as account numbers, card expiration dates, and even the CVV security codes. That said, those who got their hands on this information can proceed to make purchases, although with Discover monitoring all transactions it will be risky. Discover doesn’t clarify the number of affected accounts, nor the location of the compromise. Possibly, they have realized that their customers’ data were for sale on the black market, or were notified by one of their data management collaborators of a database breach, but these are just assumptions.
There’s a detail in the breach notifications that were circulated to affected customers, which is a difference in the notice relating to “Automatic Bills.” This indicates that the data breaches were possibly two, and are different from a qualitative perspective. The two notes provide merchant lists that are to be taken as exclusion or inclusion for contact from the customer side, so some clients need to reach out to merchants while others don’t. Moreover, only a few of the affected customers have received a new account number and credit card.
Customers who may have identified suspicious purchases and activity on their accounts may call Discover at 1-866-240-7938 so that further protection and blocking action may be taken.
Are you a Discover customer? Do you believe that the company should be less vague in their data breach announcements? Let us know where you stand in the comments below, and help us raise awareness of the breach by sharing this story through our socials, on Facebook and Twitter.