Citigroup spokesperson Elizabeth Fogarty released the following statement to us regarding the ATM crisis:
“Recently, we became aware of fraudulent ATM cash withdrawals on Citi-branded MasterCard credit and debit cards used in the UK, Russia and Canada on customer accounts that had been possibly compromised in previous retailer breaches in the US. To protect customer accounts that were affected, we placed a special transaction block in those three countries on PIN based transactions. We are currently reissuing cards, as appropriate, to affected customers.
Protecting our customers’ accounts and personal information is one of our highest priorities.“
The security breach is said to extend from a data loss by two retailers that occurred over a year ago. When asked who the retailers were, she said that data was not available at this time.
It seems this article in the Fresno Bee, which BoingBoing pointed to us, may be pertinent. As they report, about three quarters of a million dollars in fraudulent ATM withdrawals were initiated in Russia and across the world. These withdrawals seemed to stem directly from data loss by an unspecified retailer. As to why the retailer is unnamed, Foley, an employee of the Identity Theft resource center said, “I’m quite sure that (the retailer) doesn’t want the world to know that he was quite so dumb as to lose this information.”
It seems that the banking organizations are more than willing accomplices in keeping the retailer’s identity cloaked.
Another article, also found via a BoingBoing pointer, if not directly related, certainly makes for interesting reading. It describes the guilty pleas of 12 of the 21 arrested members of a global ATM scam network called Shadowcrew operating a website trafficking in stolen credit and bank card numbers and identity information.