Buyers React To ARC Theft

Charge card numbers and reservation information were among the data housed in a computer stolen from the offices of ARC, and corporate travel managers this week worked with their vendors and internal security personnel to determine whether they should cancel and reissue the affected charge cards. ARC on Tuesday said equipment including a computer that contained "information related to travel transactions" was stolen "recently" from its offices in Arlington, Va. "All the information available to date indicates that the crime was a property theft. To date, no misuse of data has been reported to ARC." To comment further could impede the police investigation, ARC said.

"We have given to our account relationship managers lists of any travelers with outstanding travel plans, which they are sharing with customers who can then evaluate whether to leave alone those reservations and charge card numbers," said a spokesperson for American Express. "ARC is saying the full reservations were not compromised, just the ticket coupon details. We've been monitoring our systems and haven't seen any signs of fraud. We are continuing to do so and have enhanced that monitoring, but we don't at this point see a need to reissue cards. Obviously, that's up to the customers."

Some are taking no chances.

"The card companies weren't concerned with card information theft since they thought it was a property theft only and don't think the data was what the burglars were trying to get," said Cargill Inc. travel manager Lisa Trenda. "We hope they are right, but we decided to take necessary precautions and we've reissued cards to all people affected. To us, being proactive on what 'might' happen to the data was the best answer, versus waiting to see if and when the burglars decide to use the information. Fortunately, personal address information wasn't on the data."

Despite ARC's conviction--echoed in press reports by some airlines and banks--that the theft was equipment-related, one buyer noted that, "Now that the news is out, the burglars may know the data are valuable as well as the hardware."

Cargill's Trenda said information on 17 company travelers was in the computer, while other companies reported having one or two travelers involved. Buyers with two large companies, however, complained that they were nervous about their charge card vendor being too slow to notify them of whether there was company information on the stolen machine.