NEW YORK -- The entire credit card industry risks losses from an elaborate electronic fraud being investigated in San Diego, according to law enforcement authorities there.
A band of sophisticated computer tinkerers, known as hackers, allegedly invaded the data bases of credit reporting agencies to obtain valid credit card numbers, then used the numbers to make transactions that were cleared through the credit card payment systems.
The extent and cost of the fraud are not known, but San Diego police say computer hackers in that city may have made millions of dollars of fraudulent purchases using credit card numbers stolen from Atlanta-based Equifax Credit Information Services Inc.
"Any bank that issues a credit card could be a victim of this," said Dennis Sadler, a San Diego police detective who is leading the investigation.
The hackers also reportedly made fraudulent long-distance telephone calls, and might have broken into automated teller machines.
Equifax's credit-reporting competitors -- led by TRW and Trans Union -- might also have been victims of the scam, Detective Sadler said. Equifax is the only company that has confirmed that its systems were violated.
Tom Robb, an Equifax senior vice president, said the San Diego hackers apparently broke into 12 electronic files maintained by the company.
Any bank that issued a credit card to a person named in those files could have been hit with a fraudulent purchase.
Detective Sadler declined to name the banks that San Diego police know have been defrauded. He said no arrests have been made but that police expect to make some within a few months.
The hacker ring in San Diego may have been involved with two hackers recently arrested in the Dayton, Ohio, area and with others being investigated in New York, Philadelphia and Seattle.
Mr. Robb said the San Diego ring is not the first to break into Equifax's computers. In February, a hacker in Cincinnati did so.
But Mr. Robb said hacker break-ins are rare and that Equifax is upgrading its security.
Warner Brown, regional security director for MasterCard International in Los Angeles, said that in accordance with system authorization rules, banks and their insurers will have to cover any fraudulent purchases they approved.