Western Union Holdings Inc. said that its Web site was hacked last Friday and the perpetrators gained access to 15,700 customers’ credit and debit card information.
“Friday during the day, we learned there was a security breach on our Web site,” said Peter Ziverts, spokesman for Western Union. “During an audit of the system, we learned about the breach.”
The company is attributing the security breach to human error as a file was left unprotected and gave access to information that provided hackers with a list of names, addresses and credit and debit card information, Ziverts said.
“We are putting enhancements in place to make sure this doesn’t happen again,” he said.
After the security breach occurred, Ziverts said Western Union officials began compiling a list of affected customers and notified lenders like Visa USA Inc. and MasterCard International Inc. of the security breach to try and bring the potential level of liability down to zero. Affected card holders were notified about the security problem by phone, e-mail and mail, Ziverts said. “We’ve tried to take the responsible approach,” he said.
Ziverts Monday afternoon said that he had no knowledge whether the potentially accessed credit or debit card information had been used. Western Union, a subsidiary of First Data Corp., and U.S. law enforcement are investigating the security breach. Ziverts said this was the first time someone had tried to breach the company’s Web site security.
The Western Union Web site currently reads “Our Web site is temporarily out of service. We apologize for any inconvenience.” Ziverts said the company hoped to have the Web site back up and running by the end of Monday.
Western Union’s Internet-based, money-transfer service kicked off in June, and an official launch was planned for sometime this month. The site allows customers to pay by credit card to send a wire transfer to someone who can pick it up at one of the numerous Western Union locations.
Western Union’s other lending Web site, MoneyZap.com, which allows card-to-card money transfers was not affected by the breach, Ziverts said.
Western Union, in Englewood, Colo., can be contacted at http://www.westernunion.com/.