We take security very seriously at Curve and are aware of a possible data breach in the MasterCard “Priceless Specials” program. You will be contacted if you have been affected to have your Curve card reissued at no cost. If you have any questions please contact CX via email@example.com.
It looks like customer data of German Mastercard customers (who used the priceless rewards program) has been leaked. I have registered my Curve card with that service as well and my data looks like it has been leaked as well.
Link with more information (german only, unfortunately): https://www.mydealz.de/diskussion/info-zu-potentiell-geleakten-mastercard-daten-1422287
Does anyone know more details about the extent of that leak and if it will be necessary to get a new credit card? I have already locked my Curve card in the app and contacted the support over mail; but maybe someone in this forum has some more information about that situation?
This leak has about 89400 entries. Name, address, date of birth, phone number, email address, sign-up date, newsletter, and the first two and last four digits of the card you registered at first.
As by now I think nobody knows if this is just an excerpt or there is an additional list with more creditcard information.
In my opinion the best thing to do is to lock your card and order a new one.
That’s right, best thing to do right now is to lock your card in your app and get in touch with support at firstname.lastname@example.org.
We are investigating the breach and when we have new information we will update our customers.
Hey, did you register your card with MasterCard Priceless which is available in Germany. If you did, this should explain why it was compromised as MasterCard just experienced a “hack”.
my card could also be compromised as I have signed up for MasterCard Priceless Specials program in germany. Although I haven’t received any notification from curve I locked my card and claimed the compromise to curve by myself.
No German MasterCard program for me. Also no
Update from curve support as to why.
Hey everyone! We have an update regarding the MasterCard “Priceless Specials” programme data breach. We can confirm that this has affected a small percentage of Curve customers and we are contacting them and reissuing their cards in the coming days. If you have any concerns, please contact us via email@example.com
I can also confirm that my cc number is on the publicly leaked list, without cvc or exp date, but just because its not there online doesnt mean the hackers don’t have it.
IF they don’t have the exp date they could still try out a few (most cards expire within the next few years) but afaik the Curve anti fraud system is really really good when it comes to several attempts using wrong exp date. Curves uses AFAIK https://sift.com/products/payment-protection to identify frauds, so Curve can lock the account even without the need to instantly send out a new card in case there is something fishy going on.
And KUDOS to Curve of being so proactive on this! I’ve read through all posts on the german online blogs where this priceless hack is discussed, many German banks do NOT send out a replacement card without any proof and they all claim they haven’t received a single word from Mastercard yet regarding a leak / hack so they won’t act before they get something official from MC.
Many banks wont even pay for the replacement card fee until they hear an official word from MC even thou the MC numbers can be publicly accesses in plain text online!
So “Cui honorem, honorem” to Curve for being so proactive on this, this is exactly what I want from a modern bank / modern fintech / modern payment partner.
And to all Curve users who have no idea what we’re talking about.
If you have not registered yourself on https://specials.mastercard.de you are NOT affected.
gosh, I register Priceless just last week, but I have not received any contact for the data breach. I suppose I am not affected?
I think you should contact support either in-app or at firstname.lastname@example.org
I received a warning message from support wanting to reissue my card but I have never registered for the Priceless Specials and am not a German Curve user.
Is there a different security breach we should be aware of?
There’s no other breaches. We contacted customers based on card number we received from Mastercard. Please do get in touch with support so they can investigate why you were contacted.
Has anyone received his new curve cars, yet?
I’d hope it arrives tomorrow so I can use it on holidays.
On Tuesday 27th August, we will automatically issue you a new Curve card and block your current card. It may take 7 to 10 days for your card to arrive, so please make sure you have a back-up card with you during this time.
I’m afraid the 7 to 10 days start when they blocked the old card and not on friday when they sent the email. But I hope the same as I go on holiday tomorrow.
I’ve blocked the card and contacted support on Monday and they issued the card on 22th August.
So it might be possible. Just checking for people who also contacted support at first.
I’ve tried the same but was told to wait until all affected users are notified.
I had another card replacement a few weeks ago and the new card took exactly one week to arrive (in Germany).
Since Thursday my old card was deleted so it might been send out earlier.