April 18, 2005

Polo Resolves Software ‘Glitch’

NEW YORK (AP) -- Clothing retailer Polo Ralph Lauren Corp. (RL) said Friday that a glitch in its software that set off an alert about the theft of credit card information has been repaired.

Spokeswoman Nancy Murray said that the New York-based company was notified last fall that fraudulent charges were showing up on some credit cards. Bank card issuers, she said, asked Polo Ralph Lauren to check its records.

"We found we were storing more information about persons' credit cards than we should have," Murray said. "We put in a patch to the software system (and) deleted all the data that had been in the system."

She said that "a forensic investigation of our systems showed there was no evidence of an internal or external breach."

Nonetheless, HSBC North America, a division of London-based HSBC Holdings PLC (HBC), said Friday it was continuing to notifying holders of the HSBC-issued, General Motors-branded MasterCard that criminals may have obtained access to their credit card information and that the cards should be replaced.

HSBC said earlier that about 180,000 GM-branded card holders were affected.

Neither HSBC nor MasterCard International identified the retailer by name, but The Wall Street Journal, which quoted "people with knowledge of the matter," said Thursday that the data was believed stolen from Polo Ralph Lauren.

MasterCard said in a statement that it was informed of a possible security breach "of transaction data associated with a U.S.-based retailer" in January 2005 and had launched an investigation immediately. The statement said banks that are members of the card association were notified.

"Investigations into this incident by MasterCard, law enforcement and other parties are ongoing," the statement said.

Visa USA issued a similar statement, saying it was notified "by a U.S. merchant" of a possible data security breach. Visa USA said it was working with the merchant, law enforcement agencies and its bank members "to monitor and prevent card-related fraud."


On the Net: