Western Union on Sunday said hackers made
electronic copies of the credit and debit card information of
15,700 customers who transferred money on a company Web site.
The company began calling and sending e-mail to affected customers over the weekend, and by late Sunday had informed Visa and MasterCard of the accounts involved.
Online Users Affected
Only Web site users who conducted online transactions would have been affected, company officials said. They said the hackers broke in while the site was undergoing maintenance and was unprotected.
Western Union spokesman Peter Ziverts said no cases of credit card fraud had been reported to the Englewood, Colo.-based company by Sunday evening. Visa International and MasterCard International Inc. have begun monitoring customers’ accounts for possible fraudulence, he said.
Western Union, a unit of Atlanta-based First Data Corp., first learned the Web site had been hacked on Friday. The Internet-based money-transfer service began in June.
The Web site that was hacked—www.westernunion.com—also allows customers to apply for loans, send messages and locate the nearest Western Union store, but customers using these services were not affected, Ziverts said. Likewise, customers using another Western Union Web site—www.westernunionmoneyzap.com—were not affected, he said.
Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center, said the Western Union security breach reflects the risks to consumers as companies rush to do business on the Internet.
“In the end, what matters to consumers is that the companies to which they entrust their credit card numbers and personal information will be able to safeguard that data,” Rotenberg said.
In one effort to address privacy and security issues that analysts say have slowed the growth of e-commerce, American Express last week announced it would offer disposable credit card numbers for safer online shopping.
Ziverts said Western Union’s problem was caused by human error and not an inherent technical flaw. Systems employees conducting regular maintenance left parts of it unprotected, allowing hackers to break in, he said.
Ziverts stressed that officials don’t believe it was an inside job and said the company had not taken any disciplinary action.
The company and law enforcement was investigating the breach, but Ziverts declined to provide further details about the probe or say what agencies were involved. The FBI office in Denver would not say whether it was investigating.
Western Union carried out 73 million money transfer transactions worldwide last year. Most were done through agents in stores or over the phone.
The company has set up a toll-free number for complaints: 1-800-228-6530.