Western Union is notifying some 20,000 customers of a database breach that may have compromised their personal information, according to a report published earlier today.
The thieves got names, addresses, phone numbers, and complete credit-card information by breaching a Western Union database sometime in late May, according to a July 6 letter sent to customers by James Keese, Western Union's privacy officer.
The company did not provide details on how the breach occurred, but company spokeswoman Sherry Johnson told reporters that the database was "offline" and could not have been accessed via the Western Union Website.
"We are not aware of any ID theft or any kind of fraudulent use that was made from this information," Johnson said. The FBI is investigating the incident.
The authors of the report asked customers at a New York Western Union office about the letter, but none of the individuals they interviewed had heard about the incident. No notices about the incident were posted in the office, according to the report.
Western Union has suffered security breaches before. Last August, the company notified customers of its Equity Accelerator service that their data might have been compromised through a burglary at Paymap Inc., a Western Union contractor. In September 2005, thieves made off with disks containing personal data on Equity Accelerator customers from 1999 to 2002, according to a letter from Michael Mulligan, vice president of operations at Paymap.
And way back in September of 2000, Western Union was forced to shut down its Website for five days after a security breach allowed hackers to steal the credit or debit card numbers of more than 15,000 customers.
Requests for details on the breach have not been answered at this posting.
Tim Wilson, Site Editor, Dark Reading