Hackers dipped into the accounts of about 100 Frost Bank customers after they took Visa debit card information from the database of an unnamed national retailer and went on a spending spree, Frost officials said Thursday.
The information system breach compromised credit card accounts with banks across the nation, Frost Bank officials said, although Frost was apparently the only one to acknowledge that it was advising affected customers of the incident. The bank restored funds to accounts that sustained losses.
"We want our customers to know they have no liability," said Senior Vice President Sharion Scott.
Frost, which is contacting affected customers by letter or phone, did not divulge the amount lost.
A statement from Visa USA said a domestic merchant had notified the company that a data security breach may have compromised Visa card account information. Visa said it alerted affected financial institutions.
The credit-card company did not reveal the number of affected institutions, the retailer involved or the time of the thefts.
In a letter to affected customers, Frost said Visa had advised bank officials that Visa, MasterCard, and other debit and credit card numbers from banks across the country could have been compromised. Officials at Bank of America, Citigroup and Wachovia said they did not have enough information to comment Thursday.
The incident is lumped in with the burgeoning wave of identity theft that financial institutions are combating. A 2004 Justice Department study said about three of every 100 U.S. households had been recent victims of identity theft.
But in this case, no names, Social Security numbers or other personal identification were taken, Scott said. Visa told the bank that personal identification numbers of credit card customers and account numbers were stolen when a national retailer's database was breached.
The cyber intruders gained access to about 9,300 Frost debit card accounts but used less than 1 percent of them, Scott said.
She emphasized that the break-in affected another company's data system, not Frost Bank's.
[an error occurred while processing this directive]