On November 14, 2016, TSYS Merchant Solutions experienced a data breach when a TIN Mismatch file containing sensitive merchant information was accidentally sent to an unauthorized bank representative. The exposed data included Merchant Identification Numbers (MIDs) and Tax Identification Numbers (TINs), which are critical for financial and tax-related operations. The breach was reported to the California Office of the Attorney General on December 5, 2016. While the incident did not involve a malicious cyber attack or ransomware, the unauthorized disclosure of such information posed risks to the affected merchants, including potential financial fraud, identity theft, or reputational harm. The breach stemmed from an internal procedural error, highlighting vulnerabilities in data handling and access controls. Although no evidence suggested the data was exploited, the exposure of tax and merchant identifiers could lead to regulatory scrutiny and loss of trust among business partners. The incident underscores the importance of secure file-sharing protocols and employee training to prevent accidental disclosures of sensitive financial data. While the immediate financial impact may have been limited, the long-term consequences could include compliance penalties, increased operational costs for remediation, and damage to the company’s reputation as a trusted payment processor.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-65177
TPRM report: https://www.rankiteo.com/company/termnet-merchant-services-inc.
"id": "ter1009090725",
"linkid": "termnet-merchant-services-inc.",
"type": "Breach",
"date": "11/2016",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Financial Services',
'location': 'United States (California)',
'name': 'TSYS Merchant Solutions',
'type': 'Payment Processor'}],
'attack_vector': 'Human Error (Inadvertent Data Sharing)',
'data_breach': {'data_exfiltration': 'No (Inadvertent Disclosure)',
'file_types_exposed': ['TIN Mismatch File'],
'personally_identifiable_information': 'Yes (Tax '
'Identification '
'Numbers)',
'sensitivity_of_data': 'High (Financial/PII)',
'type_of_data_compromised': ['Merchant Identification Numbers',
'Tax Identification Numbers']},
'date_detected': '2016-11-14',
'date_publicly_disclosed': '2016-12-05',
'description': 'The California Office of the Attorney General reported a data '
'breach involving TSYS Merchant Solutions on December 5, 2016. '
'The breach occurred on November 14, 2016, when a TIN Mismatch '
'file including merchant information was inadvertently sent to '
'an unauthorized bank representative, potentially affecting '
'sensitive information such as Merchant Identification Numbers '
'and Tax Identification Numbers.',
'impact': {'data_compromised': ['Merchant Identification Numbers',
'Tax Identification Numbers']},
'post_incident_analysis': {'root_causes': 'Human error (inadvertent '
'disclosure of sensitive file to '
'unauthorized recipient)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'TSYS Merchant Solutions Data Breach (2016)',
'type': 'Data Breach (Unauthorized Disclosure)'}