CRM Daily | Data Breach Exposes 650,000 Card Holders
It took GE Money two months to reconstruct
the missing tape and identify the people whose information was lost.
Since December, the company has been notifying consumers in batches of
several thousand and telling them to phone a call center set up to deal
with the breach. The notification is expected to be completed next week.
Personal information on about 650,000 customers of J.C. Penney and up
to 100 other retailers could be compromised after a computer tape went
missing. GE Money, which handles credit-card operations for Penney and
many other retailers, said Thursday night that the missing information
includes Social Security numbers for about 150,000 people.
The information was on a backup computer tape that was discovered
missing last October. It was being stored at a warehouse run by Iron
Mountain Inc., a data-storage company, and was never checked out but
can’t be found, either, said Richard C. Jones, a spokesman for GE
Money, part of General Electric Capital Corp.
Jones said there was “no indication of theft or anything of that sort,”
and no evidence of fraudulent activity on the accounts involved.
Iron Mountain spokesman Dan O’Neill said it would take
specialized skills for someone to glean the personal data from the
tape. He said the company regretted losing the tape, “but because of
the volume of information we handle and the fact people are involved,
we have occasionally made mistakes.”
Penney said it had been told of the situation and referred further inquiries to GE Money.
Jones declined to identify the other retailers whose customers’
information is missing but said “it includes many of the large retail
organizations.”
Jones said GE Money is paying for 12 months of
credit-monitoring service for customers whose Social Security numbers
were on the tape.
Incidents like this add to consumer concern about fraud. The
Identity Theft Resource Center says there was a sixfold increase last
year in the number of records reported compromised in the United States
– to 125 million.
Data breaches can stem from hacking, as well as the physical loss or theft of computers smf data-storage equipment.
TJX Cos., owner of the T.J. Maxx and Marshalls retail chains,
reported last year that tens of millions of credit and debit card
owners were exposed to fraud when hackers stole data while it was being
transmitted wirelessly.
It took GE Money two months to reconstruct the missing tape and
identify the people whose information was lost. Since December, the
company has been notifying consumers in batches of several thousand and
telling them to phone a call center set up to deal with the breach. The
notification is expected to be completed next week.
Penney card holder Elizabeth Rich of Everett, Wash., got one of
the GE Money letters saying her name, address and account number may
have been compromised. She was told her Social Security number was not
on the tape.
The letter, signed by GE Money President Brent P. Wallace, read
in part, “We have no reason to believe that anyone has accessed or
misused your information. The pieces of information on the tape would
not be enough to open new accounts in your name, and we have
implemented internal monitoring to protect your account number from
misuse due to this incident.”
Wallace said in the letter that Penney “was in no way responsible for this incident.”
The Penney name didn’t appear on the envelope Rich received, and
she thought it was a credit solicitation when she saw the GE Money
return address.
“I think the average consumer has thrown away that GE Money
letter because they don’t know it’s about J.C. Penney,” Rich said. “Not
everybody opens junk mail.”
Rich said she canceled her Penney card immediately.
Technorati Tags: data breach, j.c. penney, ge money
