Mastercard
Company Details
Linkedin ID:
mastercard
Website:
Employees number:
42,954
Number of followers:
2,111,072
NAICS:
5415
Industry Type:
Homepage:
mastercard.com
IP Addresses:
580
Company ID:
MAS_1836809
Scan Status:
Completed
Mastercard Company CyberSecurity Posture
mastercard.com
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Mastercard A.I CyberSecurity Scoring
Mastercard Risk Score (AI oriented)Between 800 and 849
Mastercard
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Mastercard Global Score (TPRM)XXXX
Mastercard
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Mastercard Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Mastercard
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Mastercard disclosed a data breach involving customer data from the company's Priceless Specials loyalty program. The data was made available on the Internet, with customers' names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth included in the leaked info. The incident was limited to the Specials program and the only payment card information leaked was the numbers of payment cards. After the data leak was discovered, Mastercard suspended the German Priceless Specials and took down its website, leaving up only a message that said this issue has no connection to MasterCard's payment network.
Mastercard
Ransomware
Rankiteo Explanation
N/A
Description: During the COVID-19 pandemic, Belgium experienced a significant increase in cybercrime, with businesses facing up to three times more cyberattacks compared to the pre-pandemic period. Mastercard's analysis revealed that malware, ransomware, and social engineering were the predominant forms of attack targeting Belgian businesses, aiming primarily to extract information. Notably, almost 1,000 Belgian businesses suffered cyberattacks in 2021, highlighting the critical importance of cybersecurity measures. The banking sector, however, demonstrated robustness with a higher cybersecurity score than the global and European averages, attributed to heavy investment in infrastructure and artificial intelligence tools for improved protection. This scenario underscores the relentless threat of cybercrime and the vital need for comprehensive cybersecurity strategies to safeguard businesses from potential attacks.
Mastercard Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Mastercard
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Mastercard in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Mastercard in 2025.
Incident Types Mastercard vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Mastercard in 2025.
Incident History — Mastercard (X = Date, Y = Severity)
Mastercard cyber incidents detection timeline including parent company and subsidiaries
Mastercard Company Subsidiaries
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Loading...
Mastercard Similar Companies
Apex Systems
Apex Systems is a leading global technology services firm that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions. We offer a continuum of services, specializing in strategy, transformation, and managed services across application development
LexisNexis
LexisNexis Legal & Professional is a leading global provider of legal, regulatory and business information and analytics that help customers increase productivity, improve decision-making and outcomes, and advance the rule of law around the world. We help lawyers win cases, manage their work more e
SoftwareOne
SoftwareOne is a leading global software and cloud solutions provider that is redefining how companies build, buy and manage everything in the cloud. By helping clients to migrate and modernize their workloads and applications – and in parallel, to navigate and optimize the resulting software and cl
As a global leader in information and analytics, Elsevier helps researchers and healthcare professionals advance science and improve health outcomes for the benefit of society. We do this by facilitating insights and critical decision-making for customers across the global research and health ecosys
As No. 1, we inspire people in the connected world. With the latest technologies and innovations, together we have the opportunity to shape the future. To do this, we are and act trustworthy, committed and curious. Are you with us? Join us on this exciting journey and work with us or in one of the
Engineering Group
Engineering Group is the Digital Transformation Company, leader in Italy and expanding its global footprint, with around 14,000 associates and with over 80 offices spread across Europe, the United States, and South America and global delivery. The Engineering Group, consisting of over 70 companies
inDrive is a global mobility and urban services platform. The inDrive app has been downloaded over 360 million times, and has been the second most downloaded mobility app for the third consecutive year. In addition to ride-hailing, inDrive provides an expanding list of urban services, including inte
Birlasoft
Navigating Change. Powering Progress. | Reimagining the Future with Birlasoft Birlasoft, a powerhouse where domain expertise, enterprise solutions, and digital technologies converge to redefine business processes. We take pride in our consultative and design thinking approach, driving societal pro
Kyndryl
We have the world’s best talent that design, run, and manage the most advanced and reliable technology infrastructure each day. Together, we think holistically about the health of these vital technology ecosystems. We are a focused, independent company that builds on our foundation of excellence by
.png)
Mastercard CyberSecurity News
December 04, 2025 10:15 PM
Mastercard launches card with integrated cybersecurity solutions.
Mastercard has enhanced its card for small and medium-sized enterprises (SMEs) by integrating protection tools directly into the payment...
December 03, 2025 06:31 PM
Mastercard Unveils SME Card With Built-in Cybersecurity Solutions to Help Small and Medium Businesses Thrive in the Digital Economy
Today, Mastercard enhanced its credit card value proposition for small and medium-sized enterprises (SMEs) in Latin America and the...
December 03, 2025 05:10 AM
Mastercard unveils SME card with built-in cybersecurity solutions
MIAMI, FLORIDA: Small and medium-sized enterprises (SMEs) across Latin America and the Caribbean (LAC) are set to gain stronger protection...
December 02, 2025 06:03 PM
Mastercard unveils SME card with built-in cybersecurity solutions to help SMEs thrive in the digital economy
The innovative features, including My Cyber Risk and Identity Theft Protection, help protect SMEs from growing cyber threats while...
November 27, 2025 09:05 AM
Staying Ahead of Cyber Threats: Mastercard Survey Reveals Emerging Concerns Among Consumers in Latin America and the Caribbean
Mastercard has released the findings of its latest regional survey focused on cybersecurity sentiment across Latin America and the...
November 19, 2025 08:00 AM
Mastercard’s Hacker Warning: Beware of Deals, Discounts, & Data Thieves
This week in cybersecurity from the editors at Cybercrime Magazine.
November 17, 2025 08:00 AM
The Government of Ukraine and Mastercard Launch Digital Country Partnership
The Government of Ukraine and Mastercard, a global technology company in payments industry, have signed a Memorandum of Understanding to...
November 13, 2025 08:00 AM
The Government of Ukraine and Mastercard Launch Digital Country Partnership
November 13, 2025 – The Government of Ukraine and Mastercard, a global technology company in payments industry, have signed a Memorandum of Understanding to...
November 06, 2025 08:00 AM
How payment threat intelligence helps banks fight fraud faster
Fraudsters are using advanced tactics like deepfakes, infostealers and AI-driven bots to increase the speed and scale of their attacks.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Mastercard CyberSecurity History Information
Official Website of Mastercard
The official website of Mastercard is http://www.mastercard.com.
Mastercard’s AI-Generated Cybersecurity Score
According to Rankiteo, Mastercard’s AI-generated cybersecurity score is 821, reflecting their Good security posture.
How many security badges does Mastercard’ have ?
According to Rankiteo, Mastercard currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Mastercard have SOC 2 Type 1 certification ?
According to Rankiteo, Mastercard is not certified under SOC 2 Type 1.
Does Mastercard have SOC 2 Type 2 certification ?
According to Rankiteo, Mastercard does not hold a SOC 2 Type 2 certification.
Does Mastercard comply with GDPR ?
According to Rankiteo, Mastercard is not listed as GDPR compliant.
Does Mastercard have PCI DSS certification ?
According to Rankiteo, Mastercard does not currently maintain PCI DSS compliance.
Does Mastercard comply with HIPAA ?
According to Rankiteo, Mastercard is not compliant with HIPAA regulations.
Does Mastercard have ISO 27001 certification ?
According to Rankiteo,Mastercard is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Mastercard
Mastercard operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Mastercard
Mastercard employs approximately 42,954 people worldwide.
Subsidiaries Owned by Mastercard
Mastercard presently has no subsidiaries across any sectors.
Mastercard’s LinkedIn Followers
Mastercard’s official LinkedIn profile has approximately 2,111,072 followers.
NAICS Classification of Mastercard
Mastercard is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Mastercard’s Presence on Crunchbase
No, Mastercard does not have a profile on Crunchbase.
Mastercard’s Presence on LinkedIn
Yes, Mastercard maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mastercard.
Cybersecurity Incidents Involving Mastercard
As of December 11, 2025, Rankiteo reports that Mastercard has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Mastercard has an estimated 37,490 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Mastercard ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Ransomware.
How does Mastercard detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with suspended the german priceless specials, containment measures with took down its website..
Incident Details
Can you provide details on each incident ?
Title: Mastercard Data Breach
Description: Mastercard disclosed a data breach involving customer data from the company's Priceless Specials loyalty program. The data was made available on the Internet, with customers' names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth included in the leaked info. The incident was limited to the Specials program and the only payment card information leaked was the numbers of payment cards. After the data leak was discovered, Mastercard suspended the German Priceless Specials and took down its website, leaving up only a message that said this issue has no connection to MasterCard's payment network.
Type: Data Breach
Title: Increased Cyberattacks on Belgian Businesses During COVID-19 Pandemic
Description: During the COVID-19 pandemic, Belgium experienced a significant increase in cybercrime, with businesses facing up to three times more cyberattacks compared to the pre-pandemic period. Mastercard's analysis revealed that malware, ransomware, and social engineering were the predominant forms of attack targeting Belgian businesses, aiming primarily to extract information. Notably, almost 1,000 Belgian businesses suffered cyberattacks in 2021, highlighting the critical importance of cybersecurity measures. The banking sector, however, demonstrated robustness with a higher cybersecurity score than the global and European averages, attributed to heavy investment in infrastructure and artificial intelligence tools for improved protection. This scenario underscores the relentless threat of cybercrime and the vital need for comprehensive cybersecurity strategies to safeguard businesses from potential attacks.
Type: malware
Attack Vector: malwareransomwaresocial engineering
Motivation: Information Extraction
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MAS05510423
Data Compromised: Customer names, Payment card numbers, Email addresses, Home addresses, Phone numbers, Gender, Dates of birth
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Names, Payment Card Numbers, Email Addresses, Home Addresses, Phone Numbers, Gender, Dates Of Birth and .
Which entities were affected by each incident ?
Incident : Data Breach MAS05510423
Entity Name: Mastercard
Entity Type: Financial Services
Industry: Financial Services
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MAS05510423
Containment Measures: Suspended the German Priceless SpecialsTook down its website
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MAS05510423
Type of Data Compromised: Customer names, Payment card numbers, Email addresses, Home addresses, Phone numbers, Gender, Dates of birth
Personally Identifiable Information: customer namesemail addresseshome addressesphone numbersgenderdates of birth
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by suspended the german priceless specials, took down its website and .
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : malware MAS914050624
Recommendations: Heavy investment in infrastructure, Use of artificial intelligence tools for improved protectionHeavy investment in infrastructure, Use of artificial intelligence tools for improved protection
References
Where can I find more information about each incident ?
Incident : malware MAS914050624
Source: Mastercard's analysis
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Mastercard's analysis.
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were customer names, payment card numbers, email addresses, home addresses, phone numbers, gender, dates of birth and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Suspended the German Priceless SpecialsTook down its website.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were customer names, dates of birth, home addresses, gender, payment card numbers, phone numbers and email addresses.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Use of artificial intelligence tools for improved protection and Heavy investment in infrastructure.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Mastercard's analysis.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mastercard' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
