Iron Horse bike race reports fraud
Police looking into cause of compromised credit cards
Numerous people who registered for the Iron Horse Bicycle Classic may be victims of credit-card fraud, race officials said Thursday.
At least 20 people reported fraudulent activity since Sunday, said Gaige Sippy, race director for the event. Many more have come forward since news of the fraud was made public.
Race officials are unsure how widespread the problem is. They first learned of a possible problem Sunday, then received two more reports Monday and 15 reports Wednesday, Sippy said.
Race officials haven’t found any problems with their website and were working with third-party companies – including Mercury and Plug and Play – that handle credit-card processing to identify the cause of the breach.
Sippy said his own credit card had fraudulent activity, as did Ed Zink’s, co-founder of the Iron Horse Bicycle Classic. Some victims said the fraudulent activity occurred up to three weeks ago.
Sippy said he had “service” charges out of Florida, but other people reported charges to GameStop, Groupon, Micro Center, Lowe’s and the United States Postal Service, among others.
“It just seems random,” he said. “We still at this point do not know what the root cause is.”
The Durango Police Department is in the “infancy” of its investigation, said spokesman Lt. Ray Shupe.
It is possible breaches occurred at other businesses around town, Shupe said, but he was not immediately aware of which locations.
Investigators are working with banks to determine the scope of the problem, he said.
“We’re not sure yet what the common denominator is with all of it,” he said.
He recommended that anyone who used a credit card to register for the Iron Horse bike race should check their credit-card statements for fraudulent activity.
The citizen ride from Durango to Silverton sold out in 36 hours this year.
Sippy estimates 2,500 credit cards were used by people to register for the various cycling events to be held over Memorial Day weekend.
People who registered for any of the events are encouraged to call their credit-card companies and notify them of a possible breach and ask them to watch for suspicious activity.
A letter from Sippy acknowledging the thefts was posted Thursday on the website of the Durango Wheel Club – a local riding club – but nothing had been posted as of 5 p.m. on the Iron Horse website. Sippy did send an email to race registrants.
“All efforts are being made to identify what may have caused this to happen and get it resolved,” Sippy wrote in the email. “We apologize for the inconvenience.”