SecPoint Logo

Data Breach at Security Auditor revealed

After CardSystems Solutions went through what proved to be one of the largest credit card data infiltrations of 2004, it went for its security auditor's report for assistance.

The company should have been totally safe and protected because they were using the industry standard in data security—also known as CISP—which was flaunted as a sure way to protect data and information.

Savvis Incorporated, is being taken to court in a groundbreaking lawsuit that could force change in the largely self-regulated world of credit card data security.


Moreover, CardSystem's auditor, Savvis Incorporated, assured them that they were nearly, if not completely, invulnerable from cyber attacks just three months before the cyber attack occurred.

Those ultimately empty promises aside, 40 million credit card numbers were compromised and about 263,000 were stolen from the company in 2004.

40 Million Credit Card numbers stolen

About five years later, Savvis is now being sued by the credit card company in a novel lawsuit that, many legal experts believe, could help revolutionize the outdated and largely self-regulated security practices of the credit card industry.

They say the charges symbolize the latest developments in data hacking litigation and raises awareness on not only the accountability of companies that handle credit card information but also the liability of third parties that review and endorse the dependability of these corporations.


The first-of-its-kind lawsuit against a security auditing firm exposes defects in the standards that were instituted by the financial industry to defend its clients from having their sensitive bank data hacked and stolen.

It also highlights the uselessness of an auditing system that was supposed to assure that card processors and other similar business complied with the supposed security standards.

Credit card companies have long ballyhooed the standards and the auditing process as proof that financial transactions done under their care are trustworthy, secure, and protected. However, both RBS WorldPay and Heartland Payment Systems—a pair of processors that were certified by the same touted standards—experienced large-scale breaches in security care of enterprising hackers regardless of their certification.

All the same, the industry hopes that this recent development in network and data security will help setup a far more efficient security regulation for companies that need it the most.