An unknown network intruder stole details of nearly a half million credit card accounts from an e-commerce site and tauntingly stored them on a US government computer, MSNBC reports. Credit card companies notified financial institutions, but many of the compromised accounts remain open because the banks neither closed them nor notified customers of the theft, the news service says. The theft occurred over a year ago, but only a few whispers have thus far been made public. The crime is mentioned in a letter dated 27 December from Visa USA to its member financial institutions. US Secret Service spokesman Jim Macken confirmed that the incident had occurred and added a few details in an interview with MSNBC on Thursday. "This government Web administrator noticed that a lot of the memory was chewed up for no reason, so he checked and found the file," Macken said. There was no evidence that any of the cards have been used fraudulently, he added. The letter leaked to MSNBC said that authorities had not identified the thief, but Macken said investigators have since traced the criminal to Eastern Europe. The investigation is continuing and involves diplomatic contacts with the country in question, he said. The Internet retail site from which the data was stolen has also been identified, but Macken declined to name it. MSNBC originally received a copy of the letter from an employee at the Navy Federal Credit Union, quoting federal authorities saying that the credit card information including expiration dates and cardholder names and addresses was stolen from an un-named Internet retail site by an intruder. Officials at the credit union took no action to warn customers whose account numbers were among those stolen, said the whistle blower. Instead, they ordered a spot check of 50 to 100 accounts and then decided that no further action was necessary, according to the source. The source said the credit union followed the same procedure two weeks later, when Visa alerted the institution of a separate theft of data on 300,000 credit cards from the CD Universe Web site -- the biggest theft of credit card data over the Internet previously made public. "It was decided that....it would be too much of an inconvenience and too costly to shut down the accounts and issue new numbers," said the source. "It was deemed not the credit union’s responsibility." Green Wall of Silence A spokeswoman for the credit union declined to return MSNBC's calls Thursday. Calls to American Express and several banks seeking information on their response when notified of the theft also went unanswered. Scott Lynch, a spokesman for Visa USA, told MSNBC he could not comment on the case. Alicia Zatkowski, a spokeswoman for Discover Financial Services, said the firm’s fraud investigators were not aware of such a case. Vincent DeLuca, vice president of fraud control at MasterCard International, said, "We are aware of some cases but we’re not at liberty to talk about any ongoing investigations." Several financial institutions ordered the replacement of cards that were compromised in the recent CD Universe case, also currently under investigation. Such replacement programs are normally well publicised in an effort to reassure consumers, MSNBC notes. Such wholesale compromises, on the other hand, are usually kept as tightly-guarded as possible, lest customers learn how poorly their personal data is protected by most commercial Web sites. We wonder how many other such incidents have yet to be revealed. Perhaps this outrageous incident will convince our elected officials that it's time for retail Web sites to be held accountable for their blunders. The current emphasis on expanded online law-enforcement is doomed. Only a trivial number of malicious intruders will ever be caught; indeed, not a single foreign intruder known to have compromised credit card information stored on US servers ever has been. US House Commerce Committee Chairman Thomas Bliley (Republican, Virginia) summed up the US Government's Pollyannaish view of e-commerce when he called it "the goose that lays the golden eggs" during a recent Internet conference at George Mason University. But the golden goose is already shaping up as an irresponsible little honking dictator. It will only get worse if e-commerce is allowed to continue developing without accountability. E-commerce demands tax exemptions; it demands a suspension of the normal rules of customer privacy protection; it demands self-regulation and market-driven solutions to all its various follies. Then it has its under-protected servers whacked by some fifteen-year-old script kiddie, and goes whingeing to the Secret Service or the FBI. It's not merely an ethical issue; it's practical as well. The outrages will continue -- and largely in secret -- until the dot.coms are forced, like the rest of us, to pay for their mistakes. ®