CSU officials confirmed Tuesday that a security breach compromised more than 580 university credit cards — and that number is one that “will probably grow.”
The credit cards, known as ACARDs, are issued to select staff, faculty and students as a procurement payment method to make small, non-recurring purchases under $3,000. Cardholders are able to make departmental purchases tax-free through the university.
“I received a phone call late yesterday from JP Morgan Chase saying that there are compromised cards at CSU,” ACARD Program Administrator John Swaro said in an e-mail to cardholders and later obtained by the Collegian. “This is the largest to date.”
Swaro’s e-mail said MasterCard did not know who compromised the cards, and JP Morgan Chase, who partners with CSU to issue ACARDs, could not be reached for comment.
CSU spokesperson Dell Rae Moellenberg said she was not aware if similar security breaches have previously occurred.
In the e-mail, Swaro said he planned to begin the process of cancelling and re-issuing the compromised cards — something that could take up to three weeks.
“We can’t make purchases for three weeks. We can’t make purchases we need to make,” student government president Taylor Smoot said. Some Associated Students of CSU members utilize ACARDs regularly for purchases.
“It puts a damper on our organization quite a bit,” Smoot said.
In an e-mail, Moellenberg said CSU has no reason to believe that any university databases or credit card information was accessed, but Swaro advised cardholders to review their transactions and report any apparently fraudulent charges to the bank immediately.
While the number of cards compromised may be the “largest to date,” this breach is not the first.
In July of 2006, University Counseling Center employee Reva Jeanette Miles was convicted of felony theft and misdemeanor credit card fraud for stealing $17,000 from CSU. Her crime included inappropriate ACARD purchases.
In an unrelated incident, Moellenberg said about 230 RamCard Plus cards — Visa debit cards issued to students by First National Bank of Colorado — were compromised as part of a national data breach.
RamCard Plus accounts are not related to CSU’s bank accounts or ACARD.
Enterprise reporter Jim Sojourner can be reached at firstname.lastname@example.org.