40M Credit Card Numbers Stolen from a System that Shouldn't Have Had Them

Remember last week's story about 40,000,000 credit card numbers being stolen from a business partner of MasterCard? Well, the company is now admitting it should not have kept the data around, anyway. Turns out that they were retaining data to research an issue with transactions not correctly completing or authorizing on their system. It is reasonable to keep some test data around for this kind of thing, but let's be honest and admit 40 million records is a bit excessive. I would say "Perhaps next time they'll do better," but it is unlikely that MasterCard will keep doing business with a company which has been caught in such an extreme breach.