(Phoenix, Ariz. – June 28, 2005) Attorney General Terry Goddard today called on Tucsonbased CardSystems Solutions, Inc., to immediately notify any Arizona consumers whose information may have been stolen following a recent security breach.
Goddard joined 44 state attorneys general as well as the attorneys general representing the District of Columbia, American Samoa, the Northern Mariana Islands, and Puerto Rico in a letter calling for notification.
CardSystems, a credit card processing company, recently experienced a security breach of nonpublic personal information affecting as many as 22 million Visa-branded cards and 14 million MasterCard-branded cards. The company notified Visa and MasterCard in late May; most consumers affected, however, have yet to be notified. Only California has a state law that requires companies to notify residents of a security breach.
The letter references a recent report that CardSystems may have violated provisions of the Payment Card Industry Data Security Standard, a set of security requirements for merchants and payment processors that includes implementing strong access-control measures, regularly monitoring and testing networks, and maintaining an information security policy.
“Violating the security standards is unacceptable,” Goddard said. “Arizona consumers could be doing everything right and still be identity theft victims because of corporate ID theft incidents that have occurred over the last six months. CardSystems should do the right thing in this case and start notifying all affected consumers.”
The letter asked CardSystems Solutions to provide the following to participating attorneys general:
- A total number of consumers impacted by this security breach in each state;
- An explanation of how the breach occurred and steps the company is taking to mitigate the consumer injury caused by the breach, including efforts to notify affected consumers;
- An outline of the plan CardSystems Solutions, Inc. has developed to prevent another security breach; and
- A timeline to implement the plan.
According recent news accounts, the breach at CardSystems Solutions became public on June 17, when MasterCard International announced that computer hackers had accessed the account numbers of 13.9 million of its cardholders.
Goddard suggested that consumers worried about the breach may consider ordering a credit report to check for any suspicious activity. Arizona consumers can now get a free annual credit report from all three credit reporting agencies under a new Federal Trade Commission rule. Consumers may want to order the three reports over a period of several months so they can better follow their credit records.
To obtain the free reports, consumers can call 1-877-322-8228, order online at www.annualcreditreport.com or complete the Annual Credit Report Request Form, available at www.ftc.gov/credit, and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Others signing the letter include Attorneys General of Alabama, Alaska, Arkansas, Colorado, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhodes Island, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, American Samoa, the District of Columbia, Northern Mariana Islands, and Puerto Rico.
A copy of the letter sent to CardSystems Solutions, Inc. is attached. For more information please visit the Arizona Attorney General’s Office Web site at www.azag.gov.