http://www.miami.com/mld/miamiherald/11437206.htm BY ELAINE WALKER April 20, 2005 If you shopped at the Dadeland DSW Shoe Warehouse during the past two years and paid with a credit card, debit card or check, your credit information is now in the hands of thieves. It is the latest in a rash of security breaches involving personal data that can be used to steal an individual's identity. The shoe retailer didn't offer details of how its computer system was hacked but said the theft included data from 1.4 million credit and debit card transactions and 96,000 check transactions at 108 stores, including those in Miami near Dadeland Mall, Aventura, Davie, Boca Raton and West Palm Beach. The affected transactions occured between mid-November 2004 and mid-February 2005, except at the Dadeland store, where the theft stretched back to early 2003. ''We don't know why that location was targeted,'' said Rob Whitehouse, a DSW spokesman. For each credit or debit card, stolen information included card number, name and transaction amount. Address, PIN numbers and any other personal info was not stolen, the company said. With checks, checking account numbers and driver's licenses were obtained, but not customer names, addresses or Social Security numbers. The DSW thefts are one in a string of recent high-profile incidents involving confidential consumer data. Thieves may have accessed as many as 310,000 Social Security numbers from LexisNexis databases. Earlier this year, the ChoicePoint data clearinghouse revealed thieves posing as legitimate clients bought information on 145,000 people. Bank of America also revealed it ''lost'' computer data tapes with account information on more than one million federal employees. Sen. Bill Nelson, D-Fla., is one of several legislators taking steps to strengthen laws to offer consumers more protection for their personal and financial information. Nelson has introduced a bill that would require the Federal Trade Commission to establish safeguards that would apply to any company warehousing consumer financial data. ''There are millions of Americans right now whose entire life history is flying around in somebody's hands,'' said Dan McLaughlin, a Nelson spokesman. STORES AFFECTED At DSW, neither the Southland Mall location, which was not open in February when the company's computer system got hacked, nor the store at Kendall Ridge Center was hit. Identity theft experts say this didn't have to happen. ''This is sloppy handling of information or poor security procedures,'' said Jay Foley, co-founder of the Identity Theft Resource Center in San Diego, a nonprofit organization that assists victims of identity theft. ``Somewhere there's a flaw in the system if they're allowed to lose this much information.'' Customers who made purchases at DSW stores during the affected time periods are urged to pay close attention to their credit card or bank statements for unusual activity. They should also contact their bank or credit card company for additional guidance. Customers can also check the company's website www.dswshoe.com for more information. ''We understand that our customers feel violated by this criminal act, and we feel the same,'' said a statement from Debbie Ferree, DSW's president. ``Our sincere apologies go out to our customers for the inconvenience this may have caused. We will continue to work with authorities to identify and prosecute those responsible for this crime to the full extent of the law.'' With its rows of discounted men's and women's shoes, DSW is a mecca for shoe lovers. But Lilly Lancent, a South Miami resident who buys shoes at the Dadeland DSW store several times a month, said Tuesday she was shocked to hear the news of the identity theft, especially after using her credit card to buy a new pair of shoes. ''I think customers have a right to know that this is going on,'' said Lancet, clutching a black-and-white striped DSW bag. ``I shouldn't be shopping and putting my trust in a place where things are shady.'' Others said they were aware the store had had problems and have made changes in their purchasing habits. DSW first announced some customer information had been compromised last month. ''I paid with cash because I'd heard about it,'' said Claudia Farfan, an interior designer from Doral, who stopped by the Dadeland store Tuesday between client visits. ``You never know -- it just makes you very cautious.'' UNDER INVESTIGATION DSW said it contacted the U.S. attorney's office and the U.S. Secret Service within 24 hours after discovering the theft. Ray Lopez, assistant to the special agent in charge with the Miami office of the Secret Service confirmed the matter remains under active investigation, but would not discuss the details. The retailer also immediately notified all major credit card companies -- Visa, MasterCard, Discover and American Express -- and provided the companies with the stolen credit and debit card numbers. DSW said it hired a computer security firm to conduct a forensic investigation regarding what happened and take steps to prevent any repeat situations. But the company won't elaborate on the changes that have been made, Whitehouse said. ''We don't want to give them any clues,'' he said. _________________________________________ InfoSec News http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Apr 20 2005 - 16:55:41 PDT