Credit card data breach probed at BJ's stores
A 'small fraction' of customer data may have been compromised
Computerworld - A "possible compromise" in the computer systems used by BJ's Wholesale Club stores remains under investigation after the company learned that credit card information for some of its customers may have been stolen.
The Natick, Mass.-based wholesale consumer buying club said in an announcement last week that a "small fraction" of its 8 million members may have been affected by the data thefts from its stores. The incidents are being investigated by credit card companies and law enforcement agencies.
Spokeswoman Amy Russ said she couldn't comment further on the security breach.
BJ's learned of the problems when the company was notified by credit card companies of possible fraudulent transactions affecting customer accounts. It's now conducting a review with a security firm.
In its statement, BJ's said it "ruled out the likelihood of a centralized security compromise" and implemented several measures to eliminate possible avenues by which credit card information could be accessed.
"We are confident in the current safety and integrity of our systems," Bob Hamilton, vice president of loss prevention at BJ's, said in a statement. "This type of crime is the fastest growing crime in America and is a major concern for all retailers, including BJ's. We take this issue very seriously and we are continually working to employ advanced technologies to ward against increasingly sophisticated credit card information theft schemes. We remain fully committed to protecting the privacy of our members and the security of their information and are working with credit card companies and law enforcement to identify and prosecute these criminals."
Hamilton said that "while it is not industry practice for retailers to bring information like this to its consumers, we feel our members should be aware of this issue."
BJ's said that any customers who believe that their credit card information was stolen should immediately report it to their credit card companies.
Pete Lindstrom, a security analyst at Spire Security in Malvern, Pa., said incidents like this are often difficult for companies to find because the credit card information isn't actually missing, but has been copied, making it hard to know that a breach has occurred. "Very rarely do folks learn their lesson until after the fact," he said. "Just once I want somebody to announce a [security] clampdown before a breach occurs."
Carol Baroudi, a retail analyst at Baroudi Bloor in Arlington, Mass., said the incident should remind credit card holders that they should always carefully check their credit card statements for unauthorized charges.
"The problem is that fraud is only going to escalate," Baroudi said. "The thing is it should have neverhappened, but it's going to happen because there are new vulnerabilities discovered and exploited every day. Every vendor has to go all the way to look at every protection, but consumers have to look at every credit card bill."
BJ's, which opened its first store in 1984, operates 150 clubs and 78 gas stations.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Cybercrime and Hacking White Papers | Webcasts