Mastercard
Company Details
Linkedin ID:
mastercard
Website:
Employees number:
42,954
Number of followers:
2,111,072
NAICS:
5415
Industry Type:
Homepage:
mastercard.com
IP Addresses:
580
Company ID:
MAS_1836809
Scan Status:
Completed
Mastercard Company CyberSecurity Posture
mastercard.com
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Mastercard A.I CyberSecurity Scoring
Mastercard Risk Score (AI oriented)Between 800 and 849
Mastercard
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Mastercard Global Score (TPRM)XXXX
Mastercard
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Mastercard Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Mastercard
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Mastercard disclosed a data breach involving customer data from the company's Priceless Specials loyalty program. The data was made available on the Internet, with customers' names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth included in the leaked info. The incident was limited to the Specials program and the only payment card information leaked was the numbers of payment cards. After the data leak was discovered, Mastercard suspended the German Priceless Specials and took down its website, leaving up only a message that said this issue has no connection to MasterCard's payment network.
Mastercard
Ransomware
Rankiteo Explanation
N/A
Description: During the COVID-19 pandemic, Belgium experienced a significant increase in cybercrime, with businesses facing up to three times more cyberattacks compared to the pre-pandemic period. Mastercard's analysis revealed that malware, ransomware, and social engineering were the predominant forms of attack targeting Belgian businesses, aiming primarily to extract information. Notably, almost 1,000 Belgian businesses suffered cyberattacks in 2021, highlighting the critical importance of cybersecurity measures. The banking sector, however, demonstrated robustness with a higher cybersecurity score than the global and European averages, attributed to heavy investment in infrastructure and artificial intelligence tools for improved protection. This scenario underscores the relentless threat of cybercrime and the vital need for comprehensive cybersecurity strategies to safeguard businesses from potential attacks.
Mastercard Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Mastercard
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Mastercard in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Mastercard in 2025.
Incident Types Mastercard vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Mastercard in 2025.
Incident History — Mastercard (X = Date, Y = Severity)
Mastercard cyber incidents detection timeline including parent company and subsidiaries
Mastercard Company Subsidiaries
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Loading...
Mastercard Similar Companies
Insights you can act on to achieve trusted outcomes. We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across 21 industry sectors and 400 locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are in
Accenture in India
Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology and Operations services — all powered by the w
ITC Infotech
ITC Infotech is a global technology solution and services leader providing business-friendly solutions, that enable future-readiness for clients. We seamlessly bring together digital expertise, strong industry-specific alliances, and deep domain expertise from ITC Group businesses. Our solutions and
TIVIT
TIVIT is a Brazil-based multinational company that offers enterprise-level digital solutions, and operates in ten countries in Latin America. We help our clients develop their businesses by offering industry-leading digital solutions divided into four main categories: Digital Business, Cloud Solutio
Luxoft
Luxoft, a DXC Technology Company (NYSE: DXC), is a digital strategy and software engineering firm providing bespoke technology solutions that drive business change for customers the world over. Acquired by U.S. company DXC Technology in 2019, Luxoft is a global operation in 44 cities and 21 countrie
Atos
Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is c
Hexaware Technologies
At Hexaware, we're not just a global technology and business process services company; we're a community of 31,600+ Hexawarians dedicated to one singular purpose: creating smiles through the power of great people and technology. With a presence in 58 offices across 28 countries, we empower enterpris
Artificial Intelligence. Automation. Cloud engineering. Advanced analytics. For business leaders, these are key factors of success. For us, they’re our core expertise. At Sutherland, we are a leading global business and digital transformation partner. Our services span a diversified range of categ
Zensar Technologies
Zensar stands out as a premier technology consulting and services company, embracing an ‘experience-led everything’ philosophy. We are creators, thinkers, and problem solvers passionate about designing digital experiences that are engineered into scale-ready products, services, and solutions to deli
.png)
Mastercard CyberSecurity News
November 20, 2025 09:13 AM
Mastercard moves to enhance cybersecurity co-op in Azerbaijan’s non-financial sector (Exclusive)
BAKU, Azerbaijan, November 20. Mastercard intends to strengthen its cybersecurity cooperation in Azerbaijan not only with banks but also...
November 20, 2025 07:06 AM
Reshat Kokchen: 12% of cyberattacks on Azerbaijan are directed at banking sector
One in eight cyberattacks on Azerbaijan directly targets the banking sector, and this trend fully coincides with the global trend,...
November 19, 2025 01:35 PM
Mastercard’s Hacker Warning: Beware of Deals, Discounts, & Data Thieves
This week in cybersecurity from the editors at Cybercrime Magazine.
November 17, 2025 09:59 AM
The Government of Ukraine and Mastercard Launch Digital Country Partnership
The Government of Ukraine and Mastercard, a global technology company in payments industry, have signed a Memorandum of Understanding to...
November 04, 2025 08:00 AM
How governments and industry can build trust in cybersecurity
Because it sits at the intersection of technology, trust and commerce, Mastercard can anticipate the threats before they emerge and ensure the...
November 04, 2025 04:24 AM
Mastercard unveils AI-driven threat intel to fight payment fraud
Mastercard has introduced Mastercard Threat Intelligence, the first threat intelligence solution designed specifically for payment systems.
November 03, 2025 08:00 AM
Small business cybersecurity: Address rising cyber threats
A white paper series based on Mastercard's global small business cybersecurity research reveals the impact of cyber threats and practical...
October 31, 2025 07:00 AM
How is Mastercard Preventing Payment Fraud at Scale?
Announcing Threat Intelligence at Money 20/20 US, Mastercard showcases its latest technology in preventing fraud, combining insights from...
October 31, 2025 07:00 AM
In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution
Several interesting Android malware families, UN cybercrime treaty, criminal complaint against Clearview AI in Europe.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Mastercard CyberSecurity History Information
Official Website of Mastercard
The official website of Mastercard is http://www.mastercard.com.
Mastercard’s AI-Generated Cybersecurity Score
According to Rankiteo, Mastercard’s AI-generated cybersecurity score is 821, reflecting their Good security posture.
How many security badges does Mastercard’ have ?
According to Rankiteo, Mastercard currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Mastercard have SOC 2 Type 1 certification ?
According to Rankiteo, Mastercard is not certified under SOC 2 Type 1.
Does Mastercard have SOC 2 Type 2 certification ?
According to Rankiteo, Mastercard does not hold a SOC 2 Type 2 certification.
Does Mastercard comply with GDPR ?
According to Rankiteo, Mastercard is not listed as GDPR compliant.
Does Mastercard have PCI DSS certification ?
According to Rankiteo, Mastercard does not currently maintain PCI DSS compliance.
Does Mastercard comply with HIPAA ?
According to Rankiteo, Mastercard is not compliant with HIPAA regulations.
Does Mastercard have ISO 27001 certification ?
According to Rankiteo,Mastercard is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Mastercard
Mastercard operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Mastercard
Mastercard employs approximately 42,954 people worldwide.
Subsidiaries Owned by Mastercard
Mastercard presently has no subsidiaries across any sectors.
Mastercard’s LinkedIn Followers
Mastercard’s official LinkedIn profile has approximately 2,111,072 followers.
NAICS Classification of Mastercard
Mastercard is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Mastercard’s Presence on Crunchbase
No, Mastercard does not have a profile on Crunchbase.
Mastercard’s Presence on LinkedIn
Yes, Mastercard maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mastercard.
Cybersecurity Incidents Involving Mastercard
As of November 27, 2025, Rankiteo reports that Mastercard has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Mastercard has an estimated 36,262 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Mastercard ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Data Leak.
How does Mastercard detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with suspended the german priceless specials, containment measures with took down its website..
Incident Details
Can you provide details on each incident ?
Title: Mastercard Data Breach
Description: Mastercard disclosed a data breach involving customer data from the company's Priceless Specials loyalty program. The data was made available on the Internet, with customers' names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth included in the leaked info. The incident was limited to the Specials program and the only payment card information leaked was the numbers of payment cards. After the data leak was discovered, Mastercard suspended the German Priceless Specials and took down its website, leaving up only a message that said this issue has no connection to MasterCard's payment network.
Type: Data Breach
Title: Increased Cyberattacks on Belgian Businesses During COVID-19 Pandemic
Description: During the COVID-19 pandemic, Belgium experienced a significant increase in cybercrime, with businesses facing up to three times more cyberattacks compared to the pre-pandemic period. Mastercard's analysis revealed that malware, ransomware, and social engineering were the predominant forms of attack targeting Belgian businesses, aiming primarily to extract information. Notably, almost 1,000 Belgian businesses suffered cyberattacks in 2021, highlighting the critical importance of cybersecurity measures. The banking sector, however, demonstrated robustness with a higher cybersecurity score than the global and European averages, attributed to heavy investment in infrastructure and artificial intelligence tools for improved protection. This scenario underscores the relentless threat of cybercrime and the vital need for comprehensive cybersecurity strategies to safeguard businesses from potential attacks.
Type: malware
Attack Vector: malwareransomwaresocial engineering
Motivation: Information Extraction
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MAS05510423
Data Compromised: Customer names, Payment card numbers, Email addresses, Home addresses, Phone numbers, Gender, Dates of birth
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Names, Payment Card Numbers, Email Addresses, Home Addresses, Phone Numbers, Gender, Dates Of Birth and .
Which entities were affected by each incident ?
Incident : Data Breach MAS05510423
Entity Name: Mastercard
Entity Type: Financial Services
Industry: Financial Services
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MAS05510423
Containment Measures: Suspended the German Priceless SpecialsTook down its website
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MAS05510423
Type of Data Compromised: Customer names, Payment card numbers, Email addresses, Home addresses, Phone numbers, Gender, Dates of birth
Personally Identifiable Information: customer namesemail addresseshome addressesphone numbersgenderdates of birth
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by suspended the german priceless specials, took down its website and .
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : malware MAS914050624
Recommendations: Heavy investment in infrastructure, Use of artificial intelligence tools for improved protectionHeavy investment in infrastructure, Use of artificial intelligence tools for improved protection
References
Where can I find more information about each incident ?
Incident : malware MAS914050624
Source: Mastercard's analysis
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Mastercard's analysis.
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were customer names, payment card numbers, email addresses, home addresses, phone numbers, gender, dates of birth and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Suspended the German Priceless SpecialsTook down its website.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were dates of birth, gender, payment card numbers, email addresses, home addresses, phone numbers and customer names.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Use of artificial intelligence tools for improved protection and Heavy investment in infrastructure.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Mastercard's analysis.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mastercard' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
