NEWSWIRE

Data breach burns Northeast clubs
By John Craig, Editor - 05.08.2008
SCARBOROUGH, Maine - A supermarket chain's loss of credit-card data has taken a bite out of EFT payments at dozens of northern New England health clubs, as banks canceled tens of thousands of cards to avoid possible theft.
Besides creating a headache as clubs scramble to obtain new card numbers for billing purposes, the breach could do long-term damage to membership rolls, some gym operators say.
"It's almost like you have to sell people their memberships all over again," said Chris Rondeau, operations chief for the Planet Fitness chain, which has more than 20 clubs in total in Maine, New Hampshire and Vermont. "Some people who haven't been coming to the club will decide they don't want to continue. And with warm weather approaching, it could be that much worse. Clubs won't get that money back."
The problems began in late March, when Hannaford Bros. Co. announced that between Dec. 7 and March 10, thieves intercepted data being transmitted at its 164 stores in the Northeast and affiliated Sweetbay outlets in Florida. The hackers gained access to as many as 4.2 million credit- and debit-card numbers, and their expiration dates.
The breach has led to more than 1,800 reports of fraud.
A class-action lawsuit accusing Hannaford of negligence was filed in federal court in Maine on behalf of cardholders whose data was exposed. Some health clubs are thought to be considering joining the suit, though the damage claims, legally speaking, might be a reach.
Clubs began to feel the impact of the breach during April billing, when the number of rejected cards was double or triple the norm.
Over the past few weeks, billing and software providers have been telephoning and e-mailing club members, seeking valid card numbers so bills could be processed again.
Some gym-goers have taken the initiative and supplied clubs with updated card numbers, and in some places, front-desk personnel have been flagging down members and asking for new card data.
"This is why I emphasize using checking accounts for monthly drafts," said Matthew Chabot, owner of Nashua Athletic Club in New Hampshire, which has three locations and 6,000 members.
Chabot was stung last year, too, when hackers swiped records of more than 45 million credit- and debit-card transactions at the T.J. Maxx and Marshalls clothing chains.
But the supermarket breach cut deeper.
"There are three Hannafords in Nashua," he said. "A lot of our members shop there."
Chabot's software vendor, Twin Oaks Software Development, did the bulk of the bill chasing.
"It's been annoying," he said. "But I'm optimistic that it won't cost us many members."
M.J. Laliberte, general manager at Twin Oaks, said clubs would be wise to nudge members toward checking-account drafts.
Besides being targets of theft, she noted, "credit- and debit-cards are more likely to change because people are always getting offers for lower rates if they switch banks. Checking accounts tend to be more stable."
Rondeau, meanwhile, said the episode should serve as a wakeup call to club operators.
"This has definitely taught us a few things about how to deal with this situation in the future," he said. "There's no doubt that this type of theft is going to become more common, so we have to be ready for it."
Security officials have said the details of the Hannaford theft suggest there may be gaps in the security standards required by the Payment Card Industry, a coalition founded by credit card companies that sets rules on safeguarding data.
Hannaford, which was found to be compliant with PCI standards by an outside auditor, said the breach occurred at checkout lines as card data were transmitted to banks for approval. That differs from the usual method of attack - hacking into main servers.