Hackers Hit Western Union

D E N V E R, Sept. 11 -- Hackers stole credit and debit card informationfrom 15,700 online customers of Western Union, whose Web site wasunprotected while undergoing maintenance.

By Sunday evening, no cases of credit card fraud had beenreported to the Englewood, Colo.-based company, and only customerswho used the Web site to transfer money remain at risk, said PeterZiverts, a Western Union spokesman.

The company began notifying customers of the problem on Friday,when the computer attack was first detected. By late Sunday, VisaInternational and MasterCard International Inc. had been contactedso that cardholders’ accounts could be monitored for possiblefraud.

Young Web SiteWestern Union, a unit of Atlanta-based First Data Corp., beganoffering online money transfer services in June, even though anofficial Web site launch was scheduled to take place later thismonth. Ziverts said the launch would likely be delayed.

Western Union would not divulge exactly how much business itconducts online, referring only to its Internet-based moneytransfer service as an “absolutely minuscule” portion of itstotal transactions.

The Web site that was hacked — http://www.westernunion.com — also allows customers to apply for a loan, send messages and locatethe nearest Western Union store. Customers using these serviceswere not affected.

Western Union offers similar services on a separate Web site —http://www.moneyzap.com — and customers using that site also werenot affected, Ziverts said.

Western Union said the problem was caused by human error and notan inherent technical flaw. Ziverts explained that employeesconducting regular maintenance on the company’s computer systemsleft parts of the Web site unprotected, allowing hackers to breakin.

Marc Rotenberg, executive director of the Washington-basedElectronic Privacy Information Center, said the Western Unionsecurity breach reflects the risks to consumers as companies rushto do business on the Internet.