Week in review: The cost of insecurity

Consumers and retailers come to grips with the largest-ever breach of personal data security.

As news of what may be the largest-ever personal data security breach spread, consumers and retailers grappled with how the lost information would affect them.

Late last week, MasterCard International revealed that information on more than 40 million credit cards may have been stolen. Of those exposed accounts, about 13.9 million are for MasterCard-branded cards. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover.

The data security breach happened because intruders were able to exploit software security vulnerabilities to install a rogue program that captured credit card data on the network of CardSystems Solutions, a MasterCard International spokeswoman said. The malicious code was discovered after a probe into the security of CardSystems' network.

The probe also found that the Atlanta-based payment processor did not meet MasterCard's security regulations. CardSystems held onto records that it should have discarded, and it stored transaction data in unencrypted form, the spokeswoman said.

Despite those details, many consumers are largely being left in the dark. Pressure is mounting for companies to alert individual cardholders whose details were exposed by the breach at data processor CardSystems Solutions. But representatives for JP Morgan Chase, Citigroup and MBNA said they would not notify customers unless the accounts are actually abused. At that point, the providers would close the account and issue a new card, they said.

Retailers may have more to lose than consumers by the lack of notification. If a fraudster makes purchases on an individual's card, then the cardholder has to pay for the first $50 of unauthorized transactions, or nothing at all. Businesses, however, in many cases have to cover the loss--a potentially heavy burden in the CardSystems case, given the large number of accounts exposed. If consumers aren't alerted, that means the compromised cards could still be active and may be used by criminals in a transaction.

Tech in court
Two of the most closely watched court cases in the tech world were left undecided this week as the U.S. Supreme Court chose to delay its rulings.

One case focuses on how much responsibility technology companies have for the actions of customers who use products to break copyright laws. Peer-to-peer file swapping is the heart of the issue, but the court is addressing a delicate legal balance between copyright interests and technological progress that has lasted for two decades. Despite the lack of judicial resolution, some entrepreneurs are pushing ahead with plans to harness the anarchic networks for commerce.

The other major case pits the Federal Communications Commission against a small Internet service provider called Brand X, which could set the ground rules for competition in the broadband market for years to come. Though the details of the case are seemingly arcane, the issue could influence how quickly high-speed Internet services come online across the country, what features they will have and how much they will cost--particularly in regions where cable is the only broadband choice for consumers.

Decisions on these cases could come as early as Monday.

No stranger to the courtroom, Apple Computer found itself on the receiving end of a suit when a Vermont company alleged that

Featured Video