[ISN] Visa cards violated: BofA is reissuing after hack attack

From: InfoSec News (isn@private)
Date: Mon Apr 19 2004 - 01:59:20 PDT

  • Next message: InfoSec News: "[ISN] How secure is your handheld?"

    http://business.bostonherald.com/technologyNews/view.bg?articleid=439
    
    By Jay Fitzgerald
    April 16, 2004
    
    Holders of Fleet Visa business credit cards may be the latest victims
    of hackers who possibly got hold of sensitive card numbers via a
    merchant's computer system, officials acknowledged yesterday.
         
    Fleet Credit Card Services, now part of Bank of America [BAC:  chart,
    news] Corp. after this month's takeover of FleetBoston Financial Corp.
    [FBF: chart, news] , is sending new cards to an unspecified number of
    customers because of a security breach at an unnamed merchant.
         
    Deborah Pulver, the spokeswoman, wouldn't say how many customers will
    get new cards and account numbers.
         
    ``It's a very small portion of our business accounts,'' she said.  
    ``There was some type of compromise'' apparently tied to Visa.
         
    In a statement to the Herald yesterday, Visa USA confirmed that it was
    ``recently notified by a U.S. merchant that it may have experienced a
    data security breach resulting in the compromise of Visa card account
    information.'' A Visa spokesman would not elaborate.
         
    Officials declined to say if the latest incident is tied to a recent
    theft of credit card numbers at Natick-based BJ's Wholesale Club Inc.
    On March 12, BJ's warned that a ``few hundred'' of its 8 million
    members had their credit card numbers stolen in a possible systems
    breach.
         
    Citizens Bank, Washington Trust Bancorp, of Rhode Island, and Navy
    Federal Credit Union in Virginia were among the firms that issued new
    credit cards and account numbers after BJ's disclosure.
         
    Amy Russ, a BJ's spokeswoman, said yesterday that she couldn't comment
    on the matter.
         
    Douglas Devitt, a co-owner of Voyager Sound Inc., a Weston software
    developer, said he recently got a letter, dated April 9, from Fleet
    saying his Fleet Platinum Visa business card account may have been one
    of those obtained by an ``unauthorized party.'' The letter stresses
    that there's no actual sign of ``fraudulent activity'' in the account,
    but that the card would be replaced anyway.
         
    Devitt said he's a member of BJ's, but had never used that specific
    Fleet card at BJ's. About a month ago, he said, Fleet issued him a new
    business credit card due to a possibly unrelated fraud case in which
    his account was improperly charged $1,200.
         
    Now Fleet is replacing his card for the second time in a month, he
    said. ``I'm just glad someone is watching out'' for his interests, he
    said.
         
    Devitt said he talked to one person at Fleet who told him that the
    latest incident involved ``Nigerian mafia'' hackers. But Fleet's
    Pulver said there was no Nigerian connection to her knowledge.
         
    Richard Smith, an Internet security consultant in Brookline, said he
    knows no details about the BJ's and Fleet incidents.
          
    But he said merchants in general are often the ``weak link'' in the
    credit-card security system. ``The credit-card system has many players
    involved,'' he said, noting there have been infamous cases of Russian
    and Eastern European hackers stealing U.S. credit card numbers.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon Apr 19 2004 - 04:53:13 PDT