New Retail Data Breach Exposes Millions of Credit, Debit Card Numbers

Monday the Massachusetts Bankers Association (MBA) issued a press release (.PDF) announcing a major data breach at what Visa and MasterCard have said is an unnamed "major retailer." According to the MBA, 60 - 70 banks have been contacted and possibly the credit and debit cards of perhaps hundreds of thousands of consumers in New England states could be affected.

Of course, what the MBA really wants consumers to know is that the issue was not caused by banks, but by a retailer. They want to make sure the blame is targeted properly, obviously.

"We have learned that 60 to 70 of our banks have received alerts from Visa and MasterCard about thousands of exposed credit and debit cards caught in a new data breach," said Daniel J. Forte, president and CEO of the MBA. "The affected accounts appear to be located in banks in Massachusetts and northern New England."

The data breach is reported to have occurred between Dec. 7, 2007 and March 10, 2008.

Wow, that's a big window of opportunity. The MBA was critical of the fact that Visa and MasterCard haven't released the retailer's name, saying:

"Releasing the name of the retailer would make all of our lives easier and safer," said Forte. "Customers who didn’t shop there would be put at ease, and banks could do more efficient investigations to better protect customers. It is an important issue and one that we are vigorously pursuing."

Yes, ahem, it would be nice. Fortunately I don't live in the Northeastern U.S., so for once I'm not affected.

Don't forget that the last really large retailer breach was the T.J. Maxx breach, and in that case MBA settled a lawsuit with them in 2007.

As someone who's had their data lost, stolen, whatever more than once, I use constant credit monitoring, and I would recommend it to those affected by this. Once something like this happens, you're pretty much on guard for the rest of your life.

Though please don't use LifeLock, as I wrote earlier.

Update: the retailer involved was the Hannaford Bros. grocery chain, who revealed their involvement on a statement on their website. The breach has exposed more than 4 million credit and debit card numbers and has already led to 1,800 cases of fraud.