Credit Card Issuer Discloses Retail Data Breach

Share this content:
The day after an April 13 Senate Judiciary Committee hearing on data security, the North American division of British credit card company HSBC PLC sent letters to 180,000 cardholders to inform them that their personal data may have been accessed via transactional data of a U.S. retailer, according to a report in yesterday's Wall Street Journal.

The Journal identified the retailer as Polo Ralph Lauren Corp., though it said the company declined to comment and HSBC would not discuss specifics.

HSBC told the paper that the consumers who may be affected by the breach hold a General Motors-branded MasterCard and that the letters were sent last week.

MasterCard and Visa acknowledged that they were aware of the breach, had notified the banks that issue their cards and that cardholders were protected from fraudulent charges to their accounts.

The news follows the March 8 revelation that Retail Ventures Inc. subsidiary DSW Shoe Warehouse suffered a data theft affecting 103 of its 175 U.S. stores. The number of consumers affected was not revealed, but stolen data included credit card information and purchase data.

Bank of America confirmed Feb. 25 that some of its computer data tapes containing personal and account information for 1.2 million federal government charge card program customers were lost during shipment to a backup data center.

The latest incident likely will strengthen legislators' resolve to pass new federal data protection regulation this year.

This week alone, Sens. Charles Schumer, D-NY, and Bill Nelson, D-FL, introduced an identity theft prevention bill that would create a Federal Trade Commission office of identity theft and require data providers to register with the FTC. Other provisions would institute safeguards to prevent fraudulent access to data and give consumers access and the option to fix errors.

The legislation also would mandate notice of third-party data disclosure and notification of data breaches. Provisions related to Social Security numbers would prohibit companies from asking for the numbers unless necessary for a transaction; prohibit display of Social Security numbers on employee IDs; ban the sale and purchase of the numbers except for law enforcement, national security and fraud purposes; and grant the attorney general the ability to define exemptions.

Also this week, Sen. Dianne Feinstein, D-CA, offered a revised version of the Notification of Risk to Personal Data Act that she first introduced Jan. 24. The original bill required mandatory notification when sensitive data are breached. The revision adds provisions to close loopholes that exempt encrypted data and specify the contents of the notices.

The flurry of legislation began when data providers ChoicePoint and LexisNexis suffered high-profile data breaches.

Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting


Next Article in Multichannel Marketing

Sign up to our newsletters

Company of the Week

PAN Communications is an award-winning integrated marketing and public relations agency for B2B technology and healthcare brands. PAN's data-driven approach allows the firm to specialize in public relations, social media, content and influencer marketing, and data and analytics. PAN partners with brands to create unique, integrated campaigns that captivate audiences.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above