Complaint resolution service publishes case studies, recall information and consumer news.

CardSystems Solutions, a company that processes credit card payments, reported that credit card security was breached in its computer systems. Information for up to 40 million credit cards may have been taken from the system, the company announced, as the result of a computer break-in identified on Sunday May 22. The company reportedly notified the Federal Bureau of Investigation of the incident on Monday, May 23, but details did not emerge until yesterday.

Credit card issuers were quick to react to the news. MasterCard, which reported that nearly 14 million of the credit cards were MasterCards, reiterated its “Zero Liability” policy, a program that relieves consumers of liability for charges in such matters.

“Hardly a week goes by without startling new examples of breaches of sensitive personal data reminding us how important it is to pass a comprehensive Identity theft prevention bill in Congress quickly,” said Senator Chuck Schumer (D-NY). Consumers’ personal and financial data has become the gold of the 21st century and we need to protect it accordingly.” Schumer is the co-author of a bill that would install various consumer protections in the industry, in addition to creating national standards for handling sensitive consumer information.

Security experts throughout the industry are warning consumers to be especially vigilant now because the CardSystems incident is apparently the work of hackers rather than the loss or exposure of data. “Check your statement at least every month,” advises Joan Bounacos, President of Consumer Help Web, a consumer advocacy company.

Bounacos called on credit card issuers to react faster to threats and notify consumers as soon as their data is exposed. “CardSystems reported that they found the incident on a Sunday, but didn’t report anything to the FBI until Monday,” Bounacos said. “Why expose consumers that additional day? Even though credit card issuers won’t hold consumers liable, the average consumer will spend hours fixing their credit and arranging to have the charges removed. No delay is acceptable.”

Posted under Privacy

Media giant Time Warner announced to employees yesterday that its data storage company had lost a container of backup tapes containing personal information about its past and current employees.

In a letter from Senior Vice President Larry Cockrell, employees were advised that the United States Secret Service was investigating the disappearance. U.S. employees, the only country whose employees were impacted, were offered free credit monitoring services to help them guard against identity theft.

Other organizations reporting data loss in recent months include information brokers ChoicePoint and Lexis Nexis, the University of California at Berkeley, Bank of America and shoe retailer DSW.

Tips consumers can use to help guard against identity theft appeared in this blog entry on February 18, 2005.

Posted under Privacy

Information services company Lexis-Nexis, which admitted last month that its security had been breached, has drastically revised its estimate of the number of consumers impacted.

Lexis-Nexis originally projected in March that 32,000 consumers were affected by multiple security breaches. Today, the company revealed that the actual number was 310,000 — nearly ten times the number of consumers originally thought to be at risk.

The company was quick to point out that no instances of identity theft had been linked to the security breach at its Seisint subsidiary, but consumer advocates warn that identity theft sometimes does not occur for several months after the initial release of information.

Lexis-Nexis announced that it would write an additional 278,000 consumers and notify them of the potential threat to their identity records. The company has previously offered free credit checks to consumers in similar situations.

Posted under Privacy

The Federal Deposit Insurance Commission (FDIC) voted 5-0 today to approve a ruling forcing banks to notify customers when their Social Security number or other identification numbers may have been released or misued by external entities.

The action comes on the heels of Bank of America’s admission that it had lost data tapes with personal records of 1.2 million individuals.

The FDIC ruling, if approved by the Federal Reserve, could cause a significant increase in identity theft disclosures,” said Jim Stickley, Chief Technology Officer of TraceSecurity in a prepared statement. “Today, most large-scale identity thefts go unreported, either because the bank wants to avoid tarnishing their reputation or because they are simply unaware of the breaches. Many banks employ archaic data privacy practices that haven’t kept pace with the evolving threats. The exploits of identity thieves, however, which are often coordinated by international crime syndicates, have become increasingly creative and sophisticated. Many banks are caught in a catch-22 situation: Their customers are demanding greater online access to a broader range of financial services, yet as banks make their services available online to customers, they’re also making them available to thieves.”

Posted under Privacy

Bank of America reported Friday that it had lost data tapes containing financial information for federal employees. Media sources throughout the country put the total number of individuals impacted at 1.2 million, but the company’s press release referred only to “a small number of computer data tapes” and not mentioning the number of people affected.

WNCT television in Greenville, NC called Bank of America and confirmed through a spokesman that the bank would be responsible for any damages caused by the lost information. The Associated Press, meanwhile, reports that Sen. Patrick Leahy (D-Vt), who has been calling for hearings regarding ChoicePoint’s release of 140,000 consumers’ records, was among those federal employees whose records have been lost by Bank of America.

Investors did not seem troubled by the events on Monday, inching the bank’s stock down 14 cents per share to close at $46.55.

Posted under Privacy