A faulty point-of-sale (POS) system at retailer Polo Ralph Lauren in the US, last week resulted in 180,000 credit card customers being warned of potential ID thefts.
The POS system was reported to have retained and stored credit card information rather than purging the data immediately after processing each transaction, a problem which affected all credit card transactions at the US retailer between June 2002 and December 2004.
The retailer informed HSBC Bank, which is responsible for the General Motors-branded MasterCard used by 180,000 Polo Ralph Lauren customers, and HSBC sent out the warning letters. Polo Ralph Lauren also informed Visa USA, and is reported to have warned other credit card issuers.
A statement from Polo Ralph Lauren said, "The company did learn that certain credit card information may have been retained and stored in its point of sale software. The company took immediate steps to purge this data and cure the problem."
Polo Ralph Lauren added it has been working with law enforcement officials and credit card companies since autumn 2004 to determine the origin and extent of the compromise. "The company is confident that its credit card system is secure, and that our customers' credit card information is properly protected," it added.
A statement from Visa USA said, “Visa USA was recently notified by a US merchant that it experienced a data security breach resulting in the compromise of payment card account information. Visa immediately began working with the merchant, law enforcement and the affected member financial institutions to monitor and prevent card related fraud.”