Consumer News Release
For immediate release - Wednesday, June 29, 2005.
Contact Bob Brammer - 515-281-6699.
AGs ask CardSystems Inc. to Explain Data Breach and Alert Consumers
Attorney General Tom Miller and colleagues from a total of 48 states and territories are asking CardSystems, Inc., to notify consumers in their states if they are affected by a security breach that potentially compromised tens of millions of credit card accounts.
CardSystems is an Atlanta-based processor of credit card payments for banks and merchants. Reports last week indicated that hackers installed a rogue computer program that extracted data, potentially compromising as many as 22 million Visa-branded cards and 14 million MasterCard-branded cards, as well as others.
According to news reports, records on about 200,000 credit cards may have been stolen, but not birth dates or Social Security numbers.
"We constantly advise consumers to guard their personal information," Miller said. "It should go without saying that companies have a crucial duty to employ the strongest level of security when they are entrusted with people's financial information. The data breaches we've seen lately are very troubling, and they are unacceptable."
"We call upon your company to do the responsible thing and notify all affected consumers immediately," the Attorneys General wrote in a letter sent yesterday to CardSystems, Inc. The letter also asked for an explanation of how the breach occurred, how many consumers are affected in the states, what steps the company is taking to mitigate consumer injury (including efforts to notify consumers), and what plans CardSystems has to prevent recurrence of such a security breach.
Miller said his office will consider proposing state legislation next year that would require a company to notify consumers if it permitted disclosure of their non-public personal information.
In the CardSystems matter, the primary threat appeared to be the possibility of unauthorized charges on some people's accounts, and a lesser threat of identity theft.
Miller said Consumers should always follow these tips, especially in case of security lapses:
- Examine credit card and bank account statements every month.
- Dispute any unauthorized charges. Call the credit card company immediately, and send a letter disputing the charge. (Keep a copy for your records.)
- Do not pay the disputed amount when you pay your bill. (Include a note or a copy of your letter to explain why you are withholding part of the payment.)
- Cancel the credit card and get a replacement with a new account number.
- Get FREE copies of your credit reports. One copy per year is available at no charge from each of the three major credit reporting bureaus. Go to www.annualcreditreport.com, or call toll-free to 1-877-322-8228.
For more information on preventing identity theft, obtaining free credit reports, and other consumer tips, go to www.IowaAttorneyGeneral.org (click on "protecting consumers.")
The Federal Trade Commission's Identity Theft web site is: www.consumer.gov/idtheft/ The FTC's I.D. Theft Hotline is 1-877-ID-THEFT (877-438-4338.)
Letter sent April 28 to CardSystems by the attorneys general.
- 30 -