X

FBI widens probe of debit-card theft

A possible security breach involving at least one major retailer may be tied to other crimes and affect other companies.

Greg Sandoval Former Staff writer
Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
See full bio
Greg Sandoval
2 min read
The FBI has expanded its investigation into a debit card fraud that has mostly affected 200,000 consumers in the Western United States, saying that the case might be linked to other debit card thefts around the country.

The FBI's Sacramento bureau initially took control of the investigation. Last week, it was moved to the FBI office in Charlotte, N.C., after officials there learned that the case might be related to one of their investigations, said Special Agent Karen Ernst, the spokeswoman for the Sacramento office. She and FBI officials in Charlotte declined to provide details about the Charlotte investigation.

Starting late last year, banks and credit unions, mostly in California, began issuing new debit cards after some account holders discovered fraudulent withdrawals at overseas ATMs. Banking officials said they traced the problem to a security breach involving at least one major retailer.

Neither the banks nor credit card companies, such as Visa and MasterCard International, would disclose the name of the merchant.

As first reported by CNET News.com, an initial investigation into the matter revealed that the case might involve two separate retail chains--one that has acknowledged a problem and another whose possible role is uncertain.

Asked whether the FBI's investigation in Charlotte involved any retailers, Ken Lucas, the bureau's spokesman, declined to name industries or particular businesses but said that "there's a potential out there that a number of companies could be involved."

One company that has acknowledged a security breach is the United States' largest retailer, Wal-Mart Stores.

In December, Wal-Mart acknowledged that credit cards used by some customers who bought gas at the company's Sam's Club stations between Sept. 21, 2005, and Oct. 2, 2005, had been compromised. Many Sam's Clubs also accept debit cards.

There are more than 500 Sam's Clubs in the United States.

But the trail doesn't end with Wal-Mart, sources close to the investigation have said. As investigators began to look into the rash of unauthorized charges, they found that a large number of people whose debit cards were compromised had one thing in common: They previously had shopped at office-supply chain OfficeMax, said a banking source familiar with the case. Two law enforcement sources also said OfficeMax is part of the investigation but did not provide details.

None of the sources, who requested anonymity due to the ongoing investigation, knew for certain whether OfficeMax had suffered a security breach.

OfficeMax said it has not suffered any security breaches.

According to one banking official close to the case, OfficeMax has been queried by at least one financial institution about the matter.