Is there a HUGE undisclosed breach??

From the Consumerist blog, this article lays it all out:

Anecdotal evidence suggests that a recently reported data breach by an undisclosed "major retailer" has resulted in a jump in consumers having their debit cards forcibly reissued, or calls from their bank to verify their recent purchase history. The problems seem to have started just around Christmas time and have continued into mid-January.

And here's an alarming report from a victim of the purported theft wave:

 "Citibank contacted my husband and told him that they would be re-issuing him a new account number because a "major merchant" had notified authorities that its secure data had been compromised. They would not release the name of the merchant, instead saying that it was "the kind of thing we would probably hear about in the news," she writes.

Food for thought:

• Is this nationwide or regional?
• Is it a vendor or 3rd party processor breach?
• Does this fall within legal definitions of breach disclosure?