The California Office of the Attorney General disclosed a data breach affecting **Discover Financial Services**, which occurred on **February 26, 2016**, but was reported only in **November 2018**. The incident involved unauthorized access to **Discover card account information**, though the exact nature and extent of the compromised data—such as card numbers, expiration dates, or CVV codes—remained unspecified. While there was no explicit confirmation of data theft, the company took precautionary measures by **reissuing new cards** to impacted customers to mitigate potential fraud risks. The breach raised concerns over the **delayed detection and disclosure** (over **two years**), which could have prolonged exposure to fraudulent activities. Although no immediate financial losses or large-scale fraud were publicly documented, the incident highlighted vulnerabilities in Discover’s data security protocols. The lack of clarity on the stolen data also left customers uncertain about the full scope of the risk, potentially damaging trust in the company’s ability to safeguard sensitive financial information.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-142045
TPRM report: https://www.rankiteo.com/company/discover-financial-services
"id": "dis1008091725",
"linkid": "discover-financial-services",
"type": "Breach",
"date": "2/2016",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Banking/Credit Cards',
'location': 'United States (California)',
'name': 'Discover Financial Services',
'type': 'Financial Services'}],
'customer_advisories': ['New cards issued to affected individuals'],
'data_breach': {'data_exfiltration': 'Unclear',
'sensitivity_of_data': 'High (payment-related)',
'type_of_data_compromised': ['Card account information']},
'date_publicly_disclosed': '2018-11-21',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Discover Financial Services. The breach '
'occurred on February 26, 2016, and involved Discover card '
'account information, though the specific data that may have '
'been stolen is unclear. The company is issuing new cards to '
'affected individuals as a precautionary measure.',
'impact': {'data_compromised': ['Discover card account information'],
'identity_theft_risk': 'Potential (unclear specifics)',
'payment_information_risk': 'Potential (unclear specifics)'},
'references': [{'date_accessed': '2018-11-21',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'remediation_measures': ['Issuing new cards to affected '
'individuals']},
'title': 'Discover Financial Services Data Breach (2016)',
'type': 'Data Breach'}