Credit card data breach probed at BJ's stores
A 'small fraction' of customer data may have been compromised
Computerworld - A "possible compromise" in the computer systems used by BJ's Wholesale Club stores remains under investigation after the company learned that credit card information for some of its customers may have been stolen.
The Natick, Mass.-based wholesale consumer buying club said in an announcement last week that a "small fraction" of its 8 million members may have been affected by the data thefts from its stores. The incidents are being investigated by credit card companies and law enforcement agencies.
Spokeswoman Amy Russ said she couldn't comment further on the security breach.
BJ's learned of the problems when the company was notified by credit card companies of possible fraudulent transactions affecting customer accounts. It's now conducting a review with a security firm.
In its statement, BJ's said it "ruled out the likelihood of a centralized security compromise" and implemented several measures to eliminate possible avenues by which credit card information could be accessed.
"We are confident in the current safety and integrity of our systems," Bob Hamilton, vice president of loss prevention at BJ's, said in a statement. "This type of crime is the fastest growing crime in America and is a major concern for all retailers, including BJ's. We take this issue very seriously and we are continually working to employ advanced technologies to ward against increasingly sophisticated credit card information theft schemes. We remain fully committed to protecting the privacy of our members and the security of their information and are working with credit card companies and law enforcement to identify and prosecute these criminals."
Hamilton said that "while it is not industry practice for retailers to bring information like this to its consumers, we feel our members should be aware of this issue."
BJ's said that any customers who believe that their credit card information was stolen should immediately report it to their credit card companies.
Pete Lindstrom, a security analyst at Spire Security in Malvern, Pa., said incidents like this are often difficult for companies to find because the credit card information isn't actually missing, but has been copied, making it hard to know that a breach has occurred. "Very rarely do folks learn their lesson until after the fact," he said. "Just once I want somebody to announce a [security] clampdown before a breach occurs."
Carol Baroudi, a retail analyst at Baroudi Bloor in Arlington, Mass., said the incident should remind credit card holders that they should always carefully check their credit card statements for unauthorized charges.
"The problem is that fraud is only going to escalate," Baroudi said. "The thing is it should have neverhappened, but it's going to happen because there are new vulnerabilities discovered and exploited every day. Every vendor has to go all the way to look at every protection, but consumers have to look at every credit card bill."
BJ's, which opened its first store in 1984, operates 150 clubs and 78 gas stations.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts