HSBC Bank PLC has sent letters to more than 180,000 of its credit card customers, warning that their card information may have been stolen during a security breach at a U.S. retailer.
The letters were sent Wednesday to MasterCard customers who made purchases with the retailer, a spokesman for the British bank said Thursday. HSBC in the U.K. would not identity the retailer publicly, but a report in the online edition of the Wall Street Journal Thursday, citing “people familiar with the matter,” said it was Polo Ralph Lauren Corp.
“HSBC felt it was important to inform our customers as early as possible about this problem,” the spokesman said. HSBC emphasized that the security breach did not happen at the bank’s end of the transaction chain, but instead at the retailer’s end. The nature of the breach is being investigated, the spokesman said.
Polo Ralph Lauren, based in New York, was not immediately available for comment.
A spokeswoman for MasterCard in the U.K. was unaware of the incident, but said it is common protocol for the bank that issues the credit cards to notify customers if there is a problem, since the bank is responsible for investigating cardholder problems and replacing cards.
“Obviously we are pleased that HSBC is attending to cardholder concerns,” the spokeswoman said.
Credit cards issued by other banks may also be affected by the security breach, according to the Journal report. Visa International Inc. in the U.K. declined to comment early on Thursday, referring the matter to its U.S. office.
The security breach is just the latest in a string of high-profile data theft reports. Earlier this week LexisNexis said a security breach at its huge public and private database could have affected as many as 310,000 people.