updated 6/28/2005 8:44:12 PM ET 2005-06-29T00:44:12

The attorneys general of 44 states demanded Tuesday that the credit card processor responsible for a breach that exposed 40 million cardholders to possible fraud inform affected consumers about the risk.

In a terse letter sent to CardSystems Solutions Inc., the law enforcement officials said the company needs to tell exactly what happened when a computer hacker may have gained access to millions of credit card numbers.

Officials have called it one of the largest security breaches involving consumer data. Atlanta-based CardSystems Solutions processes credit card and other payments for banks and merchants. All brands of credit cards could be affected, and records pertaining to at least 200,000 are known to have been stolen, primarily MasterCard and Visa cards.

"It is the responsibility of CardSystems Solutions, Inc. to make sure the public is aware of this security breach ... and to take the appropriate action to make sure it doesn't happen again," said Tennessee Attorney General Paul Summers.

The letter called the company's action "unacceptable."

Company officials in Atlanta and Tucson, Ariz., did not immediately return calls seeking comment.

  • The attorneys general also said the company needs to:
  • Total the number of consumers affected in each state.
  • Explain how the breach occurred and the steps taken to reduce harm to cardholders.
  • Disclose its plan to make sure it doesn't happen again.

The attorneys general gave the company until July 25 to respond, and they didn't rule out the possibility of legal action.

"I think it is doubtful it will come to that," said David Huey, Washington's assistant attorney general. "I don't have any reason to believe we won't get cooperation from this company. But that remains to be seen, and litigation is the ultimate club."

The compromised data at CardSystems Solutions did not include Social Security numbers _ a key piece of information often needed for identity theft. But it had names, banks and account numbers.

"The big fear out there is identity theft," said Huey. "That is a growing problem, and a huge problem, and one that gives us great concern."

The disclosure by CardSystems followed other reports of lost data, including lost information for 3.9 million Citigroup Inc. customers, theft of 1.4 million credit card numbers from a DSW Shoe Warehouse database and theft of information on 100,000 Wachovia Corp. and Bank of America Corp. customers.

Credit card holders are liable for no more than $50 of unauthorized charges under federal law. Some credit card companies offer zero liability to customers.

© 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments