Update: Security breach at Sam's Club exposes credit card data
An unspecified number of consumers have been affected by the breach
Computerworld - Sam's Club, a division of Wal-Mart Stores Inc., is investigating a security breach that has exposed credit card data belonging to an unspecified number of customers who purchased gas at the wholesaler's stations between Sept. 21 and Oct. 2.
In a brief statement released Dec. 2, the Bentonville, Ark.-based company said it was alerted to the problem by credit card issuers who reported that customers were complaining of fraudulent charges on their statements.
It's still not clear how the data was obtained, according to the statement. But "electronic systems and databases used inside its stores and for Samsclub.com are not involved," the company said.
Sam's Club is currently working with both Visa International Inc. and MasterCard International Inc. to investigate the breach. The company also has notified the U.S. Attorney's Office for the Western District of Arkansas and the U.S. Secret Service .
Sam's Club officials didn't respond to calls for comment.
In a statement, Visa said it has alerted all of the affected financial institutions, asked them to provide independent fraud-monitoring services to affected customers and requested that they issue new cards as needed.
"Visa will continue working with its member financial institutions, merchants and appropriate authorities to do whatever is necessary to protect cardholders," Visa said.
Kayce Bell, chief operating officer at Alabama Credit Union (ACU) in Tuscaloosa, Ala., said the company is reissuing cards to about 500 credit card and debit card holders as a result of the breach. The credit union was alerted to the problem last week by Credit Union National Association Inc., she said.
"We received information through our national reporting service that there had been a very large breach of data at Sam's Club," Bell said. About 500 debit cards and credit cards issued by ACU were among the accounts compromised in this incident, she said.
This isn't the first time this year the credit union has had to block and reissue credit and debit cards at Visa's request. Earlier this year, the ACU had to deactivate and reissue about 1,550 cards after Visa notified it that cards compromised in a CardSystems Inc. breach in June were being used fraudulently.
"I find the breach at Sam's Club to be quite surprising," said Corinne Sherman, vice president of card services at the Pennsylvania Credit Union Association. What is especially of concern is that Sam's Club appears to have stored information from both tracks of the magnetic stripe on the back of credit cards, thereby raising the potential for data thieves to create counterfeit cards, she said.
Considering the number of similar breaches that have been
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!