Sam's Club, CC #'s and more?, they're not saying
American Banker(12/7/2005) reports [warning: paywall] on the tight-lipped reaction of Sam’s Club, MasterCard, and Visa to a recent data breach involving credit and debit card mag stripe data from Sam’s Club gas stations. The affected cards seem to have been primarily from two issuers, and hundreds of actual frauds have already occurred. Nobody is talking about how many credit and debit card numbers may actually have been revealed, but according to one banker “frauds occurred in Illinois, New York, Maryland, California, Spain, and Korea”.
A little fair-use sample:
A payment-card information breach at Wal-Mart Stores Inc.’s Sam’s Club division likely exposed the data of many more customers beyond the several hundred fraud victims cited by the retailer in a statement late last week.
Wal-Mart, MasterCard International, and Visa U.S.A. all declined to provide details beyond brief statements, including any estimate of the number of customers whose account data had been exposed. Sam’s Club said the breach left “approximately 600” known fraud victims in its wake. But interviews with numerous bankers the card companies have contacted about the incident, as well as other industry observers, make clear that the number of data files compromised was probably much higher.
Executives at issuing banks say Visa sent them notifications last week that certain accounts were at risk as a result of the breach. Visa’s memo, which was sent before the retailer’s disclosure, did not mention Sam’s Club by name, but most of the issuers said they believed it concerned the Sam’s Club breach. Some issuers also said they received a notice from MasterCard.
Visa declined to tell [a banker interviewed for the story] the number of accounts that had been exposed, and that not knowing the full extent had made it difficult for his company to decide whether to reissue the affected cards. “I just want to know the breadth and scope of this thing,” he said, to “make a business decision” about whether to reissue the cards or to monitor the accounts more closely.
Paging Bob Sullivan….Bob Sullivan to the red phone, please…
Update: Sam’s Club press release from 12/2/2005.