MasterCard has notified data protection officials in Germany and Belgium of the breach of its customer data, which was detected by the company earlier this week.
The Belgian watchdog said in a statement that the card company alerted it to a breakthrough discovered on August 19, saying it had affected a large number of customer data, especially those in Germany.
MasterCard is investigating the case, has already taken remedial steps and deleted any personal data posted online.
The EU’s data protection rules oblige companies to notify regulators of any possible data breaches within 72 hours and to inform affected customers if the violation poses a potential risk to them.
EU laws, which have been in force since May 2018, also give the bloc’s privacy regulators new powers to fine companies up to 4% of annual sales for the most serious violations.
“The incident has nothing to do with the MasterCard payment network,” he said in a statement. “We take privacy and security very seriously and take every step possible to investigate and solve the problem.”
“We have received a lot of questions and complaints since the incident was announced and we want to reassure users,” said David Stevens, head of the Belgian Data Protection Authority.
“We have been in contact with MasterCard for additional information and the regulator is closely following the case with the Data Protection Authority and all other relevant authorities,” Stevens said.