Data Theft Forces Account Closures

Register now

Dozens of credit unions and banks were forced to shut down credit and debit card accounts after computer hackers gained access to millions of accounts at a major east coast wholesale chain.

The company, identified as BJ's Wholesale Club, said a small number of their eight-million customer accounts had been accessed and it notified the major credit card companies, Visa and MasterCard. Both Visa and MasterCard then sent out alerts to their members.

The security breach was causing havoc at several credit unions. Officials at Finger Lakes FCU, in Geneva, N.Y., said it shut down all of its 1,000 Visa credit/debit accounts as a precaution, even though there had been no signs of unauthorized use of the cards. "We'll issue members new cards immediately," said Ann Olney, vice president of Finger Lakes. "It's just a precaution."

Family First CU, in Rochester, also said it closed down affected member accounts and issued new cards for the accounts.

But Navy FCU, the largest credit union card issuer, said it closed 40,000 of its Visa credit card and debit card and MasterCard accounts, but not before as many as 200 accounts had been used to make unauthorized purchases.

Loren Moeller, spokesperson for Navy Fed, said that immediately after finding out about the potential security breach NFCU alerted its members with overnight Western Union Mailgrams, auto-dial telephone messages and electronic alerts over the credit union's home banking site.

"When we found out they were compromised what we decided to do was put out alerts and put blocks on those accounts," said Moeller. "We were proactive in letting people know their accounts may have been compromised.

She noted the 40,000 cards represent a small portion of Navy's two-million card accounts.

BJ's said after discovering the security breach it took immediate steps to notify the card companies and to review its computer systems.

BJ's didn't indicate how the credit card account numbers were stolen, but said an exhaustive review by an outside firm "ruled out the likelihood of a centralized security compromise." Several additional safety measures were implemented at the firm's "club-level" systems.

Both Visa and MasterCard warned consumers to check their credit card bills carefully for signs of unauthorized use. Both companies reminded cardholders that they are not liable for the unauthorized use of their cards.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER