If you're a customer with a major bank chain, and you're finding that your debit card suddenly doesn't work, you may be one of the victims of the latest alleged data security breach.
Several maor banks have canceled the debit cards of as many as 200,000 customers in the last week, after reports that the databases of a major office-supply retailer were hacked.
The thieves obtained personal information including names, debit card numbers, and the personal identification numbers (PINs) used to authorize transactions.
The FBI and Secret Service are pursuing the investigation, which so far centers around reports of fraudulent charges from both Wal-Mart's Sam's Club division, and possibly from national retailer OfficeMax.
The mystery began when Bank of America customers received notices that their debit cards were canceled in early February, due to an unidentified "third-party" breach. Bank of America promised to replace the debit cards as soon as possible, but did not provide customers with any more detail about the incident.
Bank of America was joined by Wells Fargo and Washington Mutual, both of which issued notices to certain customers that they were canceling and replacing their debit cards due to a similar breach.
All three banks have remained silent on the incident, claiming that the investigation is ongoing and that they cannot reveal any more detail. Investigators are also keeping mum, leaving frustrated consumers seemingly in the dark.
But the trail doesn't end there. CNET staff writer Greg Sandoval reported that Wal-Mart had notified the public of a potential data breach in Dec. 2005, centered around Sam's Club customers who had bought gas at Sam's Club gas stations between Sept. and Oct. 2005.
Merchant card processor CardSystems had reported to Visa and MasterCard that there was a potential data breach of Wal-Mart's records in Nov. 2005, according to eWeek. At least one bank, Regions Financial, promptly canceled and reissued 100,000 debit cards after the news.
Another suspect is retail chain OfficeMax. The FBI had already been investigating a breach involving the Golden 1 credit union in Sacramento, California in Nov. 2005, which led the credit union to cancel 1,500 members' cards.
Although the agency declined to provide specifics, sources claim the breach occurred at a retail chain store in Sacramento, and that many of the affected customers in both breaches had shopped at OfficeMax in recent months.
OfficeMax spokesman William Bonner said that to his knowledge, no fraud or security breach had occurred. There has been no statement indicating that the two breaches are connected.
CardSystems itself is notorious for its failure to protect the data of 40 million Visa and MasterCard users from a ring of identity thieves, which led to 263,000 accounts being usurped.
Speculation exists that the CardSystems data breach may also have led to thousands of cardholders getting hit with "spam charges" in what is now called the "Digital Age Fraud."
CardSystems was sold to payment processing company PayByTouch, which specializes in biometric identification. Visa had initially threatened to terminate its business relationship with CardSystems after the data breach, but agreed to continue doing business with the company until its sale to PayByTouch is complete, as of January 21st.