Credit Card Processing Company Exposed 9 Million Records Online

Jeremiah Fowler

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

2 minutes read
Credit Card Processing Company Exposed 9 Million Records Online - Security Discovery

Recently I discovered a non-password protected database that contained 9,098,506 records and Personally Identifiable Information (PII). This data contained credit card processing information that included merchant names, payee names, partial credit card numbers, expiration date, email address, security or access tokens, and more. Upon further research there were references to California based Cornerstone Payment Systems.

Credit and financial data is highly sensitive due to the fact that nearly all cybercrime is financially motivated. If criminals had partial credit card numbers, account or transaction information, names, contacts, and donation comments, they could hypothetically establish a profile on those individuals based on their religious affiliation or causes they are passionate about. These criminals could then launch a highly targeted phishing campaign or social engineering attack. It is estimated that 98% of cyber attacks involve some form of social engineering. This publicly exposed dataset could have been a potential goldmine to cybercriminals to work from.

What the Database Contained:

Read my full report of the Cornerstone data exposure here.

← Back to Blog

Got your attention?

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform. Protect your business proactively - get in touch today for personalized digital security solutions.

Business Development
Virginia, United States
Research & Development
Kyiv, Ukraine
Technical HQ
Hamburg, Germany