Leaky Database at California Credit Card Processing Company Exposed Over 9 Million Online Records

Alina BÎZGĂ

December 19, 2022


Security researchers have stumbled upon an unsecured database exposing over 9 million records of Cornerstone Payment Systems, a leading California-based credit card processing company.

Website Planet investigators, alongside security researcher Jeremiah Fowler, noted that the non-password-protected database contained 9,098,506 transaction records as well as personally identifiable information, mostly linked to donations and recurring payments for religious organizations, charity campaigns and nonprofits.

Here’s a breakdown of the exposed contents:

  • Merchant names and users
  • Customer names, physical addresses, email addresses (3,641 Gmail addresses, 1,194 Yahoo addresses and a small number of MSN and Comcast emails) and phone numbers
  • Transaction details including partial card numbers, card type, donation details, recurring payment details and amounts
  • Donation cause, comments, bank names, check numbers, authorization tokens and electronic check payment data

Researchers also notified Cornerstone Payment Systems, which promptly secured the database, barring all public access to the information. Although no signs of malicious access have been noted at this time, investigators warned of risks such as targeted phishing attacks against customers.

“One potential risk would be criminals reaching out to customers and pretending to be a legitimate merchant or organization,” researchers said.


“The criminals would have all of the insider knowledge to build a relationship of trust with their victims to obtain additional payment information or a Social Security Number (SSN) or other data that could be used for nefarious purposes,” the researchers continued. “For example the criminal calls and says ‘I see you donated $500 back in March to support XYZ cause and we need you to validate the credit card ending in 1234.’ The victim would have no reason to doubt this was a legitimate call.”

Looking for an easy way to stay on top of data breaches and leaks, and monitor your online presence against privacy risks and fraud?

Grab a Bitdefender Digital Identity Protection tool or a Bitdefender Identity Theft Protection plan (US only) for more peace of mind amid growing data breaches and fraud cases.
