19,000 Credit Card Numbers Exposed

08 Jul 2009

Tags: security|news


An Australian IT worker has stumbled upon the details of 19,000 credit cards, held on an unsecured section of a now-defunct site.

The publicly-available data contained credit card numbers, CVVs, expiry dates, names and addresses: more than enough information to make purchases.

More than 22,000 card records were listed, of which it is estimated up to 19,000 could be active.

The majority of cards belong to U.S. and U.K. consumers, but a small minority (approximately 60) belong to Australians.

The discovery was made after the IT worker received a Google alert for a name. The alert came from an unsecured virtual directory in what appeared to be a defunct credit card processing gateway.

Credit card processing gateways are third-party sites that handle transaction processing for online merchants.

Evidently, the site was poorly designed on a number of levels. Industry best practice dictates credit card information should never be stored. Payment systems such as Visa, MasterCard and even PayPal provide mechanisms for the immediate, secure processing of transactions without the need for storing data.

Compounding the problem, the Google search engine located the page as part of its standard web crawl and the cached data was publicly available for some time after the original information was taken down.

The worker did not receive a reply from either Visa or MasterCard when he originally reported the breach. He later posted a notification on Whirlpool and anonymously contacted iTnews.

Police are investigating.