Credit card breach feared

BJ's Wholesale Club, others warn of possible theft of personal data

Link to transactions found

March 20, 2004|By Dan Thanh Dang | Dan Thanh Dang,SUN STAFF

Several credit-card companies, financial institutions and BJ's Wholesale Club continued to warn consumers this week that a possible security breach of the Massachusetts retailer's computer system may have resulted in credit-card information theft.

It is believed that a small fraction of BJ's 8 million members - possibly hundreds of people - were affected by the database breach.

In a letter to its customers this week, M&T Bank Corp. said it did not receive the name of the retailer, but was told by Visa USA that some fraudulent transactions believed to be associated with the incident had been reported in the United States, Europe and the Asian Pacific region.

"We notified our customers via letter and informed them that they are receiving a new card," Michael Zabel, an M&T spokesman said yesterday. "Those cards are being sent as we speak. As we do in all cases, we're telling our customers to monitor your accounts, check your monthly statements and if you bank online, check your on-line accounts. It's advice we always give."

A BJ's spokeswoman said yesterday that a review of its technology systems by an outside computer security firm found that the breach did not occur at the company's central computer system. It was inconclusive, however, whether computer systems at its 150 wholesale clubs and 78 gas stations were penetrated, according to the review.

"We are confident in the current safety and integrity of our systems. This type of crime is the fastest-growing crime in America and is a major concern for all retailers, including BJ's," Bob Hamilton, vice president of loss prevention at BJ's, said in a statement released last week. "While it is not industry practice for retailers to bring information like this to its consumers, we feel our members should be aware of this issue."

BJ's said it has tightened its security and shut down store-level computer systems to limit access. The company is also working with credit-card companies and law enforcement agencies investigating the case. The BJ's spokeswoman interviewed yesterday declined to reveal further details, but said several banks and credit-card companies were affected.

Two small banks in upstate New York, also the home base of M&T, were also affected, MSNBC reported.

MasterCard International said it also notified its banks of the problem, but did not identify the retailer involved. Visa and MasterCard are continuing to monitor the situation.

In letter Monday to customers, M&T Vice President Thomas J. O'Reilly Jr. said Visa had notified the bank that an unauthorized user had "recently accessed a database of a major U.S. retailer. That database contained credit card and debit card information, including your M&T Check Card referenced above."

M&T had not received the name of the retailer, O'Reilly said in the letter, but was told that no personal information such as names, addresses, or any other data was obtained.

M&T encouraged customers to review their monthly statements and obtain a replacement card with a new account number to minimize the potential of unauthorized transactions on the account.

BJ's members who have questions or concerns can call 1(800)BJSCLUB or 1(800)257-2582.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.