A faulty point-of-sale (POS) system at retailer Polo
Ralph Lauren in the US, last week resulted in 180,000 credit card
customers being warned of potential ID thefts.
The POS system was reported to have retained and stored credit
card information rather than purging the data immediately after
processing each transaction, a problem which affected all credit
card transactions at the US retailer between June 2002 and December
2004.
The retailer informed HSBC Bank, which is responsible for the
General Motors-branded MasterCard used by 180,000 Polo Ralph Lauren
customers, and HSBC sent out the warning letters. Polo Ralph Lauren
also informed Visa USA, and is reported to have warned other credit
card issuers.
A statement from Polo Ralph Lauren said, "The company did learn
that certain credit card information may have been retained and
stored in its point of sale software. The company took immediate
steps to purge this data and cure the problem."
Polo Ralph Lauren added it has been working with law enforcement
officials and credit card companies since autumn 2004 to determine
the origin and extent of the compromise. "The company is confident
that its credit card system is secure, and that our customers'
credit card information is properly protected," it added.
A statement from Visa USA said, “Visa USA was recently notified
by a US merchant that it experienced a data security breach
resulting in the compromise of payment card account information.
Visa immediately began working with the merchant, law enforcement
and the affected member financial institutions to monitor and
prevent card related fraud.”