• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

« Previous Post | Blog Home | Next Post »

Massive data breach of customer ATM info at Dollar Tree

Posted on Aug 3, 2006 by Tom Fragala

Update: 10 days after I first reported it, Bob SUllivan of MSNBC is reporting this ATM-Debit data breach and fraud on his blog Red Tape. Bob does understand how seroius this fraud is. Finally, someone in the mainstream media gets it. As I said on August 4th below, this really should be a big story. Bob also wonders how the criminals got the PINs to makae ATM withdrawals. Although it is possible that is how the fraud was perpetrated, as I point out in the comments on his blog, most ATM cards are also debit cards with a Visa/Mastercard logo. So that could be how the fraudsters pulled the money—simple credit card type transactions.

SacBee reports on a nasty data breach at Dollar Tree. Looks to be vast amounts of customer ATM data. The losses already are piling up big time—well over $700,000 drained from people’s accounts and I’m guessing far more than that. It looks to be a fraud case that goes across multiple states. If this isn’t a huge story, it damn well should be. These fraudsters knew what they were doing—they must have purposely gone after ATM data, knowing it’s a gold mine compared to simple credit cards. They also likely setup bank accounts with phony or stolen identities to launder the funds. This is major league fraud. And a Federal-level crime (large amount, across state lines) so the Secret Service has jurisdiction.

According to a report in the Modesto Bee, Dollar Tree customers there began reporting unauthorized ATM withdrawals from their bank accounts on June 12. Modesto police last week said that more than 600 accounts were drained of more than $500,000.

Police in Ashland on Tuesday confirmed that at least 200 people have lost more than $200,000 due to unauthorized bank account withdrawals after shopping at Dollar Tree stores in the Rogue Valley region of southern Oregon.

This fraud is covered under the Electronic Funds Transfer Act. Victims have TWO DAYS to report the loss to limit your liability to $0 and 60 days to limit your liability to no more than $500. After that your losses could be unlimited. Check your bank statements closely if you have ever used an ATM card (or credit card) at Dollar Tree. Report suspicious or unauthorized transactions to your bank or card issuer by telephone immediately and then follow up in writing. Use certified mail, return receipt requested. Put a password or PIN on your bank accounts. A fraud investigator should get back in touch with you.

And Dollar Tree has nothing on their web site. Every large company should have a crisis lockbox ready to go. It should include a blog dedicated to the problem with detailed information for customers and the press. Sweeping it under the rug will just backfire.

Finally: Avoid using your ATM card to make point of sale purchases. I wrote about that here. If a criminal gets your ATM data they can suck funds directly from your account. I hope Costco is watching this—they practically force you to use your debit card for purchases (or open a Costco credit account)