Bank Card Reissues May Be Linked to Wal-Mart Breach

Banks are reissuing credit and debit cards after a potential security breach at a U.S. retailer, which some speculate is Wal-Mart.

In what appears to be a widening incident, Bank of America, MasterCard and Visa all announced this week that they have been informed of a potential security breach at a U.S.-based retailer.

The companies refused to name the retailer involved, but at least one bank said that systems belonging to Wal-Mart Stores, the worlds largest retailer, may be to blame.

A spokeswoman for Regions Financial Corp. confirmed that the bank reissued debit cards in late January after being informed by credit card processor CardSystems Inc. in November that some customer accounts were compromised in a security breach at Wal-Mart and Sams Club Stores.

Regions Financial reissued 100,000 debit cards on Jan. 23 after the Birmingham, Ala. company was told that its customer information could have been exposed in a breach at the retail giant, said Sonya Smith, a spokeswoman for the company.

/zimages/6/28571.gifSurvey: U.S. adults more afraid of cyber-crime than physical crime. Click here to read more.

Regions was first informed of the breach in November, but had to wait to reissue cards because of delays in integrating customer databases after a recent merger, she said.

"Those were the two stores where CardSystems identified the potential of customer [information] breach," she said.

Regions reissued cards for the customers whose accounts were exposed, though the company does not know if any of the accounts have been used fraudulently, she said.

Officials at Bank of America confirmed Feb. 9 that the company was also forced to reissue an undisclosed number of credit cards after a third-party company leaked the information, according to Betty Riess, a spokeswoman for Bank of America.

Bank of America was forced to shut down "numerous" debit cards as a precautionary measure against potential fraud.

The bank has issued letters to all of the affected customers informing them that their cards were cancelled and to be aware of the threat of criminal activity on their accounts, Riess said.

MasterCard International is also aware of a potential security breach at a U.S.-based retailer, the company said in an e-mail statement.

The company notified banks that issue MasterCard cards to monitor for any suspicious account activity and take the necessary steps to protect cardholders, according to the statement.

/zimages/6/28571.gifClick here to read about a lawsuit that sought payback for a major credit card breach.

However, it was unclear on Feb. 10 whether a breach at Wal-Mart was also behind reissues at the other financial institutions. A Wal-Mart spokesman said he was unaware of an information breach linked to Regions.

Calls to CardSystems Inc. were not returned.

Details of the problem remained scant, with banks and credit card companies refusing to offer details as to how the customer data was exposed or which of its partners was responsible for the situation.

Riess at Bank of America declined to name the retailer or discuss the timing of the breach. She referred questions to Visa and MasterCard. Officials at those companies did not immediately respond to requests for comment.

MasterCard declined to discuss the details of the incident, citing an "ongoing law enforcement investigation."

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.