Big-time theft

Published: Thursday, Aug. 12, 2004 11:08 a.m. MDT
 |  E-MAIL | PRINT | FONT + - 
BOSTON — BJ's Wholesale Club Inc. attracts shoppers to its stores by putting thousands of discounted products under one roof. It wasn't hard to attract cyberthieves either, with databases that amass credit card numbers in huge numbers.

The theft earlier this year of thousands of credit card records from the nation's third-largest warehouse club illustrates the potential for massive-scale identity theft whenever so much purchase-enabling information is stored in one place. It also illustrates how difficult the cleanup can be.

The Secret Service still doesn't know whether the breach was an inside job or the work of hackers, but it has made some arrests, said Tim Buckley, a Secret Service agent investigating the case.

The suspects arrested recently in the United States and abroad may have ties to a large international identity theft ring, Buckley said. He declined to say how many arrests have been made or provide further details.

Meanwhile, financial institutions are still smarting. They've had to reissue hundreds of thousands of credit cards belonging to BJ's customers as a precaution against further fraud.

The BJ's case may be the largest retail fraud of its kind based on the amount of cards reissued, experts say.

Story continues below

Hundreds of thousands of replacements were sent to customers across the 16 states where BJ's operates, though BJ's says the breach affected only "a small fraction" of its 8 million members.

Philadelphia-based Sovereign Bank covered about 700 fraudulent transactions from the BJ's theft and had to reissue 81,000 cards twice, at a cost of about $1 million, once in May and again in June, after a glitch occurred with the first batch, said spokeswoman Ellen Molle.

"There are some pretty heavy losses out there," said Greg Smith, president of the Pennsylvania State Employees Credit Union, which reissued cards to 14,000 of its members at a cost of $100,000.

Visa and MasterCard issuers in the United States, most of them banks, lost an estimated $820 million from fraud in 2003, up 6 percent from the previous year, according to a study by Credit Card Management, an industry magazine.

When BJ's disclosed the breach in a March 12 news release, it said it had altered its security systems and was confident customers' information was secure. BJ's, which has 150 clubs and 78 gas stations, has said the theft would have no material effect on its finances. Consumer advocacy organizations say they've received few consumer complaints.

But the company, based in Natick, Mass., now faces claims from some of the 10 to 15 banks that had to replace cards or reimburse consumers for fraudulent transactions. Investigators and bank officials have declined to disclose the monetary losses.

Comments

You can be the first to comment on this story.

Image
Michael Dwyer, Associated Press

BJ's Wholesale Club, in Stoneham, Mass., was the target of cyberthieves who stole thousands of credit card records.

previousnext

Latest comments

They used that "stomach exploding' myth with both Fizzies and Pop Rocks.

Tyrus Thomas is AWESOME! I'll drop Booz for 2 blocks a game any day. I can't...

I can hardly wait to hear the crying and whining when fans in Jazzland...

Single-payer system best

NOBODY IS TALKING ABOUT ADOPTING A UK OR CANADA TYPE HEALTHCARE SYSTEM....

I remember that in California everyone was sitting on their roofs watching...

I think the Jazz, or more properly the Larry H. Miller Group, are going into...

Keeping golf light on the wallet in Utah

The reason golf is cheaper in Utah is because most courses are owned by a...

Couple bridging world's digital divide

To our dear friends Martha and Quinn: I think it is a wonderful job that you...

A note to Republicans. It would be to the best interest of Republicans to...

has signed a 2 year extension. There is much that can be inferred. 1. The...

Advertisements