February 10, 2006 6:01 PM PST

FBI makes connections in data breach case

A data security breach that has spurred at least two large banks to cancel thousands of customer debit cards appears to be connected to an older ongoing investigation in Sacramento, the FBI said Friday.

Scores of Bank of America and Washington Mutual customers have received notifications from the banks that their debit cards were cancelled because of a breach at a "third-party" establishment. In interviews with CNET News.com, neither bank would disclose the name of the unidentified company.

However, law enforcement and banking sources, who asked for anonymity, told CNET News.com that the unidentified business was one of the big-box retailers.

Another law enforcement official, FBI Special Agent John Cauthen, said the bureau is part of a joint investigation into the matter along with the Secret Service.

Cauthen said the FBI believes the case is tied to a security breach first reported in The Sacramento Bee last November. In that case, the Golden 1 Credit Union canceled about 1,500 debit cards after being alerted to possible fraud in the Sacramento area.

The credit union told customers that the fraud resulted in "counterfeit cards being made and used internationally." Golden 1 also said that not all the debit cards cancelled had unauthorized withdrawals on them, but all were used at an unidentified Sacramento business in the fall of 2005.

Someone working for that merchant is suspected of pilfering account and PIN numbers from the cards, the Bee reported.

In a phone interview, Cauthen said the FBI and Secret Service are "working what appears to be the same debit-card case."

News of a wider problem arose this week when The San Francisco Chronicle wrote that Bank of America had begun canceling numerous debit cards. On Friday, the paper reported that as many as 200,000 debit-card holders could be affected.

Replacing the cards likely will cost the bank millions, as replacing debit cards costs about $20 apiece, according to Dan Clements, CEO of CardCops.com, an identity theft watchdog group.

"I've not seen debit cards stolen like this," Clements said. "Usually it's a combination of credit and debit cards...this is a large hack, no question about it. Quite frankly, this is the first piece of the puzzle hackers need to commit full-blown identity theft on consumers."

The past year has seen some large credit card heists. In June, an estimated 40 million credit cards were exposed when hackers penetrated the online defenses of CardSystems Solutions, a payment-processing company.

Other companies to be victimized by electronic intruders include Bank of America, Wachovia, ChoicePoint and LexisNexis, as well as several universities: Notre Dame, Stanford and the University of California at Berkeley.

See more CNET content tagged:
debit card, Sacramento, Bank of America Corp., bank, identity theft

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.