Breaches continue to plague payments system

October 6, 2015

MADISON, Wis. (10/6/15)--Data breaches continue to plague the economy--and threaten the nation’s payments system.  Breaches have been reported by several major retailers in recent weeks.

T-Mobile recently announced that a breach of a server at Experian, which processes T-Mobile's credit applications, exposed the personal information of about 15 million people who applied for T-Mobile services between Sept. 1 and Sept. 16 (eSecurity Planet Oct. 5).

The exposed data includes names, addresses and birthdates, as well as encrypted Social Security numbers and/or encrypted driver's license or passport numbers.

The American Bankers Association said that its computer systems had been breached and thousands of members’ personal information had been compromised, Fortune reported (Oct. 2). The association said that the attack affected users of its website’s shopping cart tool, which is mostly used by members making purchases or registering for events through In total, the association counted 6,400 records--usernames and password--as having been compromised.

The Trump hotels chain confirmed late thatpayment card information from some of its hotels may have been hacked (PYMNTS Oct. 5). The breach may have involved unauthorized software that was used to access credit card information from the hotels’ own payment systems. That breach is thought to have happened between May 2014 and June 2015, and could impact people who used credit or debit cards at seven of the chain’s hotels.

Discount brokerage firm Scottrade reported a breach that potentially compromised sensitive data of millions of customers. Federal and internal investigations did not determine exactly how many clients’ data were stolen, so Scottrade plans to notify and offer identity protection services to about 4.6 million clients whose information was in a breached database, the company said (CNBC Oct. 2). The incident took place around late 2013 and early 2014.

The affected database contains Social Security numbers and e-mail addresses of clients, but hackers appeared to target names and addresses.