Shostack + Friends Blog Archive

 

BancorpSouth, 6500 debit cards, unknown

In a report [link to http://www.wlbt.com/Global/story.asp?S=4283530&nav=2CSf no longer works] remarkable for what it doesn’t say, WLBT TV of Jackson, MS reports:

A possible security breach has one bank giving customers new debit cards. BancorpSouth is sending out new cards to about 6500 customers.
The vice president of the banks security department says account numbers were either lost or they were somehow hacked into.

From The Northeast Mississipi Daily Journal comes word [link to http://www.djournal.com/pages/story.asp?ID=209228&pub=1&div=News no longer works] that an unnamed merchant, not the issuing bank itself, was breached:

The Daily Journal reported Friday that BancorpSouth had notified about 6,500 customers in recent days that their MasterMoney debit cards “may have been compromised.” The bank is sending the customers new cards.
BancorpSouth officials noted late Friday in a release that their bank was not the only one with the problem. The release said “other banks across the country are facing a situation in which a small percentage of customers’ debit cards and credit cards have been compromised.”
Account numbers were either lost or hacked into, said Cathy Talbot, president of BancorpSouth’s security department. “It wasn’t BancorpSouth, but with a merchant,” she said in the story in Friday’s Daily Journal.
The merchant wasn’t identified by MasterCard International.

So, MasterCard knows who got 0wned, but they won’t say, leaving an issuer to assume the worst. Sounds similar to something we noted earlier. Meanwhile, the cardholders are already being phished [link to http://www.sunherald.com/mld/sunherald/news/state/13474511.htm no longer works].
Update 01/03/2006: The 12/30/2005 American Banker reports that, according to Visa, the merchant affected by this breach is not Sam’s Club.