Debit card fraud spree linked to security breach

A spate of fraudulent debit card charges in Massachusetts, New Mexico and Bermuda is being linked to a case that led some West Coast financial institutions last month to replace 200,000 cards.

Citibank, a major issuer of debit and credit cards, has "detected several hundred fraudulent cash withdrawals in three countries", according to a spokesman. The bank told customers the thefts are a result of an information breach at a "third-party business" that it did not name.

Meanwhile, at least seven financial institutions in Western Massachusetts reissued debit cards last week after hundreds of customers noticed charges on their accounts from places including Barcelona, Pakistan, Romania and Spain, according to a spokesman for the state's Consumer Affairs Office (CAO).

The situation prompted the CAO and the Division of Banks to release a joint statement urging debit card holders statewide to check their accounts for fraudulent activity.

Two banking sources, speaking on condition of anonymity, said the recent cases are tied to the massive debit-card replacement on the West Coast last month. In that case, Bank of America, Washington Mutual and other banks notified customers that a security breach at an undisclosed merchant had forced them to take precautions.

Sources told silicon.com sister site CNET News.com the West Coast investigation found that a large number of people whose debit cards were compromised had previously shopped at office-supply chain OfficeMax.

Police in Leonminster, Massachusetts, a community 40 miles west of Boston, said their investigation has also turned up a link to OfficeMax.

The Leonminster Police Department has received 29 complaints of debit-card fraud since last week, said detective Scott Wolferseder. He said he's interviewed at least eight of the victims, and each one had shopped at OfficeMax in the last six months.

Wolferseder said: "I thought that the thefts may have involved a skimming device installed at local ATMs. Now I'm following up this OfficeMax connection."

He cautioned that it's still too early in the investigation to draw any final conclusions.

An OfficeMax spokesman said the company has no indication that it suffered a security breach. He declined to comment about the findings of the Leonminster police.

A representative of the FBI's Charlotte bureau, which is overseeing several debit card fraud cases, including those on the West Coast, was unavailable for comment.

Greg Sandoval writes for CNET News.com