[JURIST] The CEO of CardSystems Solutions Inc. [corporate website], the corporation responsible for a security breach [JURIST report] that may have left up to 40 million credit card owners vulnerable to credit card fraud and identity theft, said Monday that the data stolen was improperly kept and that the records should not have been retained. The files were being saved to use for a study determining why some transactions registered as unauthorized or uncompleted. Rules established by VISA and MasterCard state that credit card processors are prohibited from retaining files after transactions are completed. The FBI advised CardSystems not to release information about the breach [JURIST report], but MasterCard [corporate website] informed its customers [JURIST report] about the stolen records in a press release [text] Friday. Mastercard customers comprise 13.9 percent of those who may be affected by the security breach. The New York Times has more.