July 27, 2005
States Await Details on CardSystems Security Breach

OLYMPIA – Attorney General Rob McKenna today issued the following statement regarding a request from states that CardSystems Solutions provide information about its security breach:

“While we were encouraged by initial contacts by CardSystems that the company would comply with our request, we are disappointed that we have not received a formal response and documentation that we requested by the July 25 deadline.

“Consumers affected by the security breach need to be notified, and it is CardSystems’ responsibility, working with its clients, to provide that information.

“This week, a new Washington state law took effect requiring agencies and businesses that own and license digital data to provide prompt notification in the event of a security breach in which personal information is compromised.

“Although this new security breach law was not in effect at the time the CardSystems computer break-in was discovered, CardSystems must take affirmative steps to mitigate consumer injury. Thus far, the company has failed to provide a plan as to how it intends to notify consumers and prevent a similar data leak in the future. These failures are not acceptable. We are in contact with other states to consider our next course of action.”


The National Association of Attorneys General sent a letter June 28 to the senior vice president and legal counsel for CardSystems, demanding the company inform all consumers affected by its recent security breach. The letter, proposed and authored by McKenna, was signed by the attorneys general of 44 states, the District of Columbia, and American Samoa, the Northern Mariana Islands, and Puerto Rico.

McKenna also sent a June 20 letter to CardSystems requesting information specific to Washington state consumers.

CardSystems processes credit card and other payments for banks and merchants. Hackers reportedly installed a rogue computer program that enabled them to download data on some 240,000 of the 40 million accounts in CardSystems’ system. MasterCard announced the breach in June of this year. The data reportedly did not contain Social Security numbers or driver's license data.


For more information contact:
· Janelle Guthrie, Media Relations Director, at (360) 586-0725 or via e-mail at or
· Kristin Alexander, Consumer Protection Public Information Officer, at (206) 464-6432 or via e-mail at

