TJX Is Biggest Data Breach Ever
jcatcw writes "Jaikumar Vijayan reports for Computerworld that TJX is finally offering more details about the extent of the compromise which, at 45.6M cards, is the biggest ever. He has been following the story since it started. The systems that were broken into processed payment cards, checks, and returns for customers of T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright stores in the U.S. and Puerto Rico, and customers of Winners and HomeSense stores in Canada and T.K. Maxx in the U.K. Customer names and addresses were not included in the stolen data. So far the company has spent about $5 million in connection with the breach. Several lawsuits have been filed against the company, including a suit by the Arkansas Carpenters Pension Fund, one of its shareholders, for failure to divulge more details about the breach."
The Answer is... (Score:5, Insightful)
The simple answer for users, and it exists now: Revocable Credit Cards.
The long term is separation of credit and banking from the Social Security system.
Example (Score:5, Insightful)
Ok, so you're not responsible.
How do you know how they got your info? It could have been from a call center, when you called about double billing you over and over. It could have been when you called your bank, which also has call centers in India. It could have been when you lost your card, someone found it.
Point is, you probably will never know how they got your info. Only that they did. Even if you did find out, could you prove it in a court of law enough to sue TJX?
inevitable (Score:1, Insightful)
I wonder if making the upper management personally responsible for losses in cases like these would change their perceptions.
Re:Example (Score:3, Insightful)
I have no pity for someone who doesn't at least look at their monthly statements.
The risk to your credit is absolutely minimal if you pay attention, and call the 1-800 number on the back of the card to dispute the claims immediately.
As for suing TJX, you wouldn't. You just get your money back, and the CC company goes after the guy who fraudulently used your card.
I've had my credit card stolen (physically) and dealt with this. At first I was freaked out, "o noes identity theft" and all, but after a phone call I had my money back the next day.
As an epilogue, the moron who took it worked with me, and used it at the gas station across from my work - the station manager had no problem letting our company pres and I check out the tape, and there's dumbass.
In my case he didn't get a chance to spend more than a grand before I phoned the card in, so it was just petty theft. I never had to follow up on it, though, BoA did that.
Re:what OS was it running on .. (Score:1, Insightful)
Systematic Credibility Gap (Score:3, Insightful)
1. Credit Agency mistake
2. Creditor error
3. Criminal activity
4. Poor security measures by xyz company
5. ???
With each of these problems, the onus for repair is on the customer / victim. There is no standard or easy resolution.
Meanwhile... (Score:5, Insightful)
In other news a story on Microsoft's Get The FUD [microsoft.com] campaign mysteriously disappears, the title was: 'TJX Chooses Windows Over Linux for Reliability and Security'.
I'm joking, but you never know. On a more serious note: what mystifies me is why these companies need to store customers' credit card details at all?! Having had experience with POS (Point of Sale) I know that the system should keep these details long enough to complete a transaction, then it should delete it.
Security starts with only keeping the information you need. Courts should be questioning why these companies retained this data in the first place!
watching too many episodes of 24 .. (Score:4, Insightful)
An interesting exercise in fallacious reductio ad absurdum. Just because they passed the cards doesn't mean they wrote the code and the Florida police caught them port-scanning the server and only arrested them to give the real criminals time to slip out the back door.
Do you seriously think the hackers would drive about Florida trying to pass the stolen cards, especially months after it went public? The six are more likely to be downstream crooks that purchased the stolen card details not realising where they came from.
Re:All encompassing (Score: 5, Interesting