Law enforcement officials believe they have tracked down the source of the compromised debit and credit card information that has affected more than 500 people in Pullman.
The owner of Dissmore’s IGA, Archie McGregor III, said he was contacted by local police and the U.S. Secret Service in late September about a possible security breach of the store’s credit and debit card processing system.
While officials at the Pullman Police Department had denied the rumor that Dissmore’s IGA was the source of the compromised information for weeks, they now acknowledge it is a possibility.
More than 540 fraud cases have been reported since mid-September, said Cmdr. Chris Tennant of the Pullman Police Department. Those individuals are likely a fraction of the actual number of victims because few people report fraud to the authorities.
McGregor said since he was alerted of the possible breach, the security system at Dissmore’s IGA has been updated multiple times.
“We take this seriously and we constantly update (our security systems),” McGregor said.
He also said he has done everything he could to investigate the matter and so far there is no conclusive evidence proving that Dissmore’s is the source of the compromised financial information.
“I've also hired a forensic company, and as of to date, they have not found anything,” McGregor said.
Pullman Police Chief Gary Jenkins said it is likely that the majority of the cases are from a security breach that occurred between May and July, but he could not confirm that it was Dissmore’s IGA.
“We can’t say with certainty that it was one place,” he said.
Jenkins expects new reports of fraud to come in as the aftermath of the security breach continues, but he is confident any security breach responsible for the mass of compromised accounts has been fixed.
The account information was likely stolen digitally then sold on the “cyber black market,” Tennant said. Many of the Pullman-based cards have been reproduced in “clusters” throughout the U.S. A large concentration of the stolen account information has appeared in New Jersey, Florida, Maryland, Pennsylvania and Texas, as well as some international locations.
While the police are still investigating a few users of the stolen account information, Tennant said, solving the digital side of the crime is beyond their capabilities and they have been working with the U.S. Secret Service.
Kevin Miller, a secret service agent in the Spokane field office, said they are investigating the source and the cyber criminal aspect of the case.
While the number of cases appears substantial, he said they have dealt with cases with a larger number of victims.
“It’s big for a small community like Pullman,” Miller said, “but in the grand scheme of things, it’s small.”
Senior political science major Derrick Skaug said he had two cards from two different banks compromised. In early October, someone had used one of his cards in Canada to spend $150 at an electronics store. His second card was used a few weeks later to buy $70 worth of products at Walmart.com.
Skaug said his bank reimbursed him the stolen money and he did not report either case to the police.
“All of it was done nationwide,” he said. “I didn't see how the Pullman police could track it down.”
Before this recent spike in fraud cases, the police department received about one or two reports of fraud a week, Tennant said. Now the department receives up to 80 new reports a week, and in the first few weeks of the investigation, they received about 20 to 30 new cases a day.
“I have a very tired detective who has been working with other jurisdictions to try and track down some of the users of these cards,” Tennant said.
The majority of the cases, however, don’t have enough information to pursue.
Most of the crimes occurred outside of the department's jurisdiction, he said. For each case they need to get subpoenas and warrants to obtain the information from the different stores where the cards were used.
“These cases are extremely difficult to work,” Tennant said.
Pullman resident and WSU professor Doug Hindman said his credit card company left him a voicemail alerting him of a possible fraudulent transaction on his account in early November.
Someone had attempted to use Hindman’s credit card to buy $300 worth of groceries at a Safeway in Portland, Ore.
Hindman, who had not traveled to Portland in more than a year, said his credit card company denied the transaction and cancelled his card, and he received a new one in the mail a few days later.
“This is probably the most significant crime this year that has affected the largest number of people,” Tennant said.
He also said the police department is nearing arrests of individuals who have used some of the stolen account numbers in the region. However, it’s unclear when arrests will happen.