PORTLAND, Maine — State police are investigating a security breach of a jewelry store company’s computer system that potentially compromised thousands of credit and debit card numbers.
Officials at Day’s Jewelers said they recently became aware of possible illegal access to the company’s credit and debit card information. The Waterville-based firm said a likely time frame has been determined, but it declined to identify the span.
Day’s has five stores in Maine and one in New Hampshire.
The Maine Credit Union League said more than 1,000 credit union members in Maine who made purchases at Day’s stores in November and December have had fraudulent activity on their cards. The figure is only for cards issued by Maine credit unions and doesn’t include those issued by commercial banks, credit card companies and other financial institutions.
“We know based on talks with individual credit unions that the number of people impacted is over 1,000 and it’s likely over 2,000,” said John Murphy, credit union league president. “But you don’t really know until a little time passes the total number of folks impacted.”
The Maine State Police Computer Crimes Unit declined to comment because the investigation is ongoing. Day’s has hired a computer forensics company to determine how the breach happened and identify the information that was compromised.
“We are working diligently with law enforcement as it investigates this criminal activity,” Day’s President Jeff Corey said in a statement.
Some credit unions have suffered financial losses, but customers will not be liable for any losses because of fraudulent transactions, Murphy said.
The security breach at Day’s comes two years after a highly publicized breach involving the Maine-based Hannaford supermarket chain.
In that case, hackers accessed more than 4 million credit and debit card numbers used at 165 Hannaford stores in the Northeast and 106 Sweetbay stores in Florida. At least 1,800 numbers were stolen and used for unauthorized purchases.