[Dataloss] Montgomery Ward didn't tell consumers about credit card hack

Henry Brown hbrown at knology.net
Mon Jun 30 19:37:05 UTC 2008

Follow up with some interesting ADDITIONAL Details...


Milgrom said Direct Marketing Services immediately informed its payment 
processor and Visa and MasterCard. Then, Milgrom said, Direct Marketing 
Services closely followed a set of guidelines, issued by Visa, on how to 
respond to a security breach. That included a report to the U.S. Secret 
Service. He said he believed by the end of December that Direct 
Marketing Services had met its obligations.


After being asked about those laws by The Associated Press, Milgrom said 
Direct Marketing Services now plans to contact consumers.


Along with the card numbers, their three-digit "security codes" and 
expiration dates, the thieves had the cardholders' names, addresses and 
phone numbers. The data had been organized in the same way, indicating 
the numbers likely came from the same database. CardCops' president, Dan 
Clements, also noticed that the vast majority of the cardholders were 
women, a clue that the records came from a merchant catering to a 
certain demographic.


It is not clear to Clements, though, whether the hackers were inflating 
their claim when they offered 200,000 records or whether Milgrom's 
number of 51,000 is accurate.


Links to the 44 state notification laws: 

-------- Original Message --------
Subject: [Dataloss] Montgomery Ward didn't tell consumers about credit 
card    hack
From: lyger <lyger at attrition.org>
To: dataloss at attrition.org
Date: 6/27/2008 5:55 PM
> http://www.wztv.com/template/inews_wire/wires.national/2c50aedd-www.fox17.com.shtml

More information about the Dataloss mailing list