DMSI did not, however, notify its customers about the breach.

After the Associated Press contacted the company, DMSI now plans to contact consumers. According to the story:

This hack might have stayed quiet except for online chatter detected in June by Affinion Group Inc.'s CardCops, a group of investigators who track payment-card theft for financial institutions. In Internet chat rooms frequented by card thieves, CardCops spotted hackers touting the sale of 200,000 payment cards belonging to one merchant. CardCops then intercepted several hundred of the records, along with the online handles belonging to hackers whose real names remain unknown.

Along with the card numbers, their three-digit "security codes" and expiration dates, the thieves had the cardholders' names, addresses and phone numbers. The data had been organized in the same way, indicating the numbers likely came from the same database. CardCops' president, Dan Clements, also noticed that the vast majority of the cardholders were women, a clue that the records came from a merchant catering to a certain demographic.

Need I tell you this is my Naughty Business of the Week pick? This is why 44 states have passed laws forcing companies to disclose data breaches to customers. As Liz has told you, in Maryland, the law requires businesses alert consumers when their personal information --- names, dates of birth, Social Security numbers, credit card numbers or other identifiers --- has been compromised by a lost backup tape, theft of a laptop or hard drive or the inadvertent posting of a file on a Web site.

How can you even protect yourself if you don't even know that your information has been compromised? This just shows you how important it is to look at your credit report carefully. Shame on Direct Marketing Services for leaving its consumers in the dark.

(Associated Press)