Hackers Crack Credit Card Security

Breach Could Affect 40 Million Card Holders

(CBS/AP) 

Other companies that have been hit by security lapses recently include Citigroup Inc., Bank of America Corp. and DSW Shoe Warehouse. Federal lawmakers responded by drawing up legislation designed to better protect consumer privacy.

MasterCard announced the breach in a news release Friday, saying it was notifying its card-issuing banks of the problem.

CardSystems then released its own statement, saying it first learned of a potential breach on May 22. The company said it was told by the FBI not to release any information to the public; its statement Friday had been vetted by the agency.

"We were absolutely blindsided" by MasterCard's announcement, CardSystems' chief financial officer, Michael A. Brady, told The Associated Press.

CardSystems, which has a processing center in Tucson, Ariz., has been in business for more than 15 years and handles transactions for more than 115,000 small to mid-sized businesses, according to the company's Web site. The company says it processes transactions worth more than $15 billion annually.

Sobel said the fact that the latest breach involved a third party "indicates that this is a shadowy industry where the consumer never really knows who is going to be handling and using their personal information."

Earlier this month, Citigroup said UPS lost computer tapes with sensitive information from 3.9 million customers of CitiFinancial, which provides loans.

There have also been breaches involving other kinds of sensitive data.

ChoicePoint Inc. said in February that thieves using stolen identities had created 50 dummy businesses that pulled data including names, addresses and Social Security numbers on as many as 145,000 people.

In March, LexisNexis Inc. disclosed that hackers had commandeered a database and gained access to the personal files of as many as 32,000 people.

The company has since increased its estimate of the people affected to 310,000. Information accessed included names, addresses and Social Security and driver's license numbers, but not credit history, medical records or financial information, corporate parent Reed Elsevier Group PLC said in a statement.

The Early Show financial adviser Ray Martin offers these tips for monitoring possible identity theft.

ID Theft Warning Signs

Here are the signs that should tip you off if your personal and account information is being used fraudulently:

• Your monthly bank, loan or credit card statements stop arriving in the mail
  
• You get turned down for a new loan, credit card or a job based on information on your credit report
  
• You get calls from bill collectors from accounts you did not open
  
• When getting approved for a loan, the lender mentions that your credit score is lower that you believe it should be.

It is almost impossible to prevent ID theft from happening, even if you take every precaution to prevent it, particularly when a business that has your personal information is compromised from within. The single best defense against prolonged damage from ID theft is to frequently review your credit report information for signs of incorrect information and accounts that you did not open. Early detection and immediate action is the only way to stop the damage that can be done when your personal information is fraudulently used.

In short, you have to take as much interest in your credit record information as the bad guys do.

Request a copy of your credit report and review all the information on it at least every six months. If there is anything that is unfamiliar to you, such as a credit card or a bank account, ask the credit bureau how and when the account was opened. If it was not your doing, call the financial institution providing the account in question and alert them immediately.

Reporting ID Theft

If you suspect that you are a victim of identity theft, the Federal Trade Commission advises the following steps:

• Contact the fraud department of one of the three credit reporting bureaus and request that they place a fraud alert on your file. As soon as the fraud alert is confirmed, the credit bureau must notify the other credit bureaus to place fraud alerts on your files there.
  
  
• Request that the credit bureaus include instructions requiring a photo ID and an original signature to accompany any new applications for any accounts to be opened and require that no new credit be granted without your approval and verification of a secret password.
  
  
• Immediately close accounts that you know to have been opened fraudulently.
  
  
• Call your local police department and request to file a police report. Unfortunately, some police departments may not take your report, because these crimes are often multi-jurisdictional (because they are committed in several states). At least, request to file an incident report and keep a copy of the report in case you need it as proof of the crime later.
  
  
• Also call the Federal Trade Commission ID Theft Hotline at 877-IDTHEFT (877-438-4338), or its Consumer Response Center at 877-382-4357 to file a report.
  
  
• For further protection, notify all of your financial and service accounts that your personal information has been stolen and change all account numbers and add passwords on all accounts.