A backup tape containing credit card information from hundreds of US retailers is missing, forcing the company responsible for the data to warn customers that they may become the targets of data fraud.
GE Money, which manages in-store credit-card programmes for the majority of US retailers, first realised that the tape was missing from an Iron Mountain secure storage facility in October, said Richard Jones, a company spokesman. "We were informed that one of the tapes could not be located. But at the same time there was no record of it ever having been checked out," he said.
The tape contained in-store credit-card information on 650,000 retail customers, including those of JC Penney, he said. GE Money employees are also affected by the breach.
The missing backup tape was unencrypted.
Although JC Penney was the only company that Jones would confirm as affected by the missing tape, the retailer accounts for just a small percentage of all accounts that were compromised. In total, 230 retailers are affected by the breach. "Clearly that number includes many of the national retail organisations," he said.
The tape also contained US Social Security numbers of 150,000 customers. When matched with name and address information, Social Security numbers can be used to set up fraudulent credit-card accounts, a common form of identity theft.
Jones said that following a GE Money investigation, there is no evidence that the tape in question has been stolen or that the data it contained was misused.
After reconstructing the data that was on the missing tape, GE Money began sending out letters to those affected by the breach in December. The company has set up a toll-free number and is offering one year of free credit monitoring services to those affected by the breach.
GE Money is a division of General Electric.