Ladies And Gentlemen, We May Have A New Winner For Most Credit Card Data Leaked
from the congrats-all-around dept
There was some talk yesterday about how TJX, the parent company for discount clothing stores T.J. Maxx, Marshalls and some others had lost some credit card data after their systems were hacked. Today, additional information is starting to come out suggesting that this may take the lead as the largest single set of compromised credit card data, reaching even beyond the 40 million or so records lost by CardSystems a few years back. Since those responsible for that data loss only got a slap on the wrist, perhaps it's not surprising that others haven't done much to beef up credit card security. In fact, another article on this story claims that, despite strict guidelines from Visa and Mastercard for how this type of data needs to be handled only 31% actually comply with the guidelines -- and apparently TJX is among those who don't comply (big surprise there). Since it's apparent that not much has happened in the past few years to better protect our data, expect plenty of fretting over what this means and how to do a better job... until enough people forget about it, and we're all set up for a year or two down the road when we'll have a new winner in the largest single data leak ever.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Why not? The chance of criminal prosecution for "accidentally" losing the data is zero. Hell, there aren't even any risks from civil litigation. And I'm sure that you can set up a nice offshore account with the proceeds from the sale of 40-50 mill credit card numbers.
[ link to this | view in chronology ]
Visa/MC Need to Enforce
Visa/MC are relentless and remorseless on chargeback decisions, you'd think they could get the same people onto compliance.
[ link to this | view in chronology ]
FUCK FUCK FUCK SarbOx
[ link to this | view in chronology ]
I remember
[ link to this | view in chronology ]
oops
[ link to this | view in chronology ]
credit cards
[ link to this | view in chronology ]
Well I think they should be held responsible
If you have ever had your identity riped off and what a hassle it is to get it cleaned up! Its a freaking nightmare!
Those companies that just shrug off security of the data loss, after a few people win some large sums for pain and suffering, and let me tell you dealing with false info on your credit history is a night mare to fix !
[ link to this | view in chronology ]
hacked credit card info
[ link to this | view in chronology ]
What's a feller to do?
Does this leak apply only to those that have a TJX card or is it also applicable to anyone who has charged a purchase at their stores?
The info holding company should be liable for info theft. Especially as those who've provided said information have done so with the expectations of that information being held securely.
[ link to this | view in chronology ]
Yeah, I really don't get why they were storing that data anyway. They obviously need some work on the HOW of their storage, but really, why was that data even there, in the first place?
[ link to this | view in chronology ]
I wonder if I got hit here
I would love if that were the case, not for any damages (I got a hold of the vendors before anything was sent) but just for the explanation. The only charge that ended up finalizing was like $100 fortunately.
I like to think I'm very careful online and it was definitely disquieting to see charges someone else placed on my bank statement.
[ link to this | view in chronology ]
Here we go...
the millions of dedicated fans, Mastercard treats us with that cute little commercial where a fast moving, perfectly run, "Burger Joint" comes to a screeching standstill because some poor schumck has the odasity to use CASH!!! instead of just
swipping a "Preferred credit card"....and of course everyone
in the place gives the guy the evil eye for being different..
All that for a fricken Hamburger!!!!
Think were not being "Prepped" for a more convieniant, and "safer" cashless monetary system?? I'm with oops,
insidious thats the word...
[ link to this | view in chronology ]
Re: Here we go...
I can't believe how many businesses no longer accept checks! It's definitely a first step in something major forthcoming! The reasons businesses are giving for the exclusion of business with checks is getting ridiculous too. I read a sign just today that said it was due to the increased bank costs associated with using checks! My thought on this was 'Don't you have to process a transaction regardless of payment method?' So rather than say they are fumbling idiots in the world of commerce and can't develop a system of checks and balances to keep a few morons from writing hot checks, they simply default to a moronic answer like 'Sorry, costs are too high!'
Buddha and Murphy both say "Don't run business if you can't accept legal tender in all of its forms."
[ link to this | view in chronology ]
Re: Here we go...
[ link to this | view in chronology ]
Re: Re: Here we go...
[ link to this | view in chronology ]
Re: Here we go...
[ link to this | view in chronology ]
What do you mean why?
[ link to this | view in chronology ]
at least they got it right
[ link to this | view in chronology ]
Re: at least they got it right
[ link to this | view in chronology ]
Job Opening in Framingham, MA
Please send your resume and your first-born to:
TJX's Corporate Headquarters are located in Framingham, Massachusetts:
The TJX Companies, Inc.
770 Cochituate Road
Framingham, Massachusetts 01701
Main Number: (508) 390-1000
We want your first-born because if you screw up, we'll sell him/her to the gypsies.
[ link to this | view in chronology ]
I like it
[ link to this | view in chronology ]
Lemonade
A company dedicated to handling identity monitoring and repair, paid for by judges decree and settlement money from TJX lawsuit.
Oh wait, involves lawyers....
nevermind.
-Eric
[ link to this | view in chronology ]
Checks are worse!
NO! If I hang a sign on my cash register that says "We only accept beer" then you have to pay me in beer if you want to make a purchase. Checks are less secure and more costly to handle than credit cards. Go ahead, use a check. You're giving the clerk and everyone in between who has to touch it your banking account number, your routing number, full name, home address, and usually the name of your spouse as well if it's a joint account. They have it in their hands after you leave and are free to make photocopies, write down that info, etc without anyone knowing. I can't believe people are still using checks!
At least with a credit card, it's in your sight the whole time the clerk has it. Usually receipts only have the last 4 digits. So unless the clerk has some sort of copying device attached to the swiper (or a photographic memory), they have no way of getting your number.
As far as the extra processing cost, think about it. That piece of paper gets stored somewhere until the store has a good sized pile, then someone takes it to the bank, then someone working at the bank has to do data entry and scan your check (they'll do that whether or not you're signed up for electronic statements). That's then got to get stored as an image file in their computer systems, which takes up more space than a simple text string as a result of a credit card transaction would. As a result, banks charge a premium for handling paper checks. This charge gets passed on to the business, and the business can't tell you "Well it's going to cost you $3 more than the next guy because you're using a check" because people who try to use checks freak out at statements like that. They don't understand how much extra processing it takes!
Yet another not to take checks is that any moron can go down to the Staples and buy a color printer and even blank checks. It's so much easier and cheaper to make counterfeit checks than it was even five years ago, so there are a lot more of them floating around. And there is no way to verify funds from a check while the person stands there, like you can do with a credit card.
On top of that, it looks suspicious. With debit cards being handed out like candy, why would someone who has a checking account bother to use a check instead of the debit card? Why carry around checks and waste time in line writing them out if you aren't up to something?
Checks are good for paying relatives or friends, in birthday cards as gifts... and that's about it.
[ link to this | view in chronology ]
Re: Checks are worse!
I gotta agree with that. I just can't understand why anyone uses a check, except for little grey haired people who are suspicious of credit cards and too scared to carry cash.
As per security, I've read some studies that show with the amount of counterfeit currency out there, credit/debit cards can actually considered more safe because the available funds can be verified instantly and when stolen they can be cancelled very quickly.
[ link to this | view in chronology ]
Checks are MUCH worse!
It's tough enough packing your goods in the cart while watching the screen to check that the prices charged are correct, but it becomes comedic when you have to juggle pen and checkbook as well.
Then you have the Drivers License inspection and, more often than not, the "gotta-call-a-supervisor" shuffle, which turns comedic into annoying.
And thanks to Check 21, the check will likely clear immediately, if not overnight. The float is history, folks!
And now back to our regularly scheduled programming...
[ link to this | view in chronology ]
making a better hash of it
Of course I assume there are smarter scientists than you and I working for banks (that maybe a very dumb assumption :), so the motive for not having this obvious system is one to ponder isn't it?
[ link to this | view in chronology ]
Why do retailers want to keep them around? I just don't get it. I understand a health club or similar that has authorization to do recurring charges, but a retail store? WTF?
[ link to this | view in chronology ]
everyone
http://blog.myspace.com/193987950
[ link to this | view in chronology ]
how to get full info cc!!
VALID credit card information.
Now you have to do exactly the same as follows:
(Don't send this email this is only an example how to write Hack.)
Please get some valid/true credit card and try!!it useless if use fake cc!!
Send an Email to mailto: server01010@yahoo.com
With the subject: accntopp-cc-E52488 (To confuse the server )
In the email body, write: boundary="0- 86226711-106343" (This is line 1)
Content-Type: text/plain; (This is line 3)
charset=us-ascii (This is line 4, to make the return email readable)
credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)
name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)
CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)
000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)
address,city (This is line 19, has to be LOWER CASE letters)
0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)
state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)
phone number ( put a zero under each character, number, letter, hyphen, etc)
type of card (This is line 27, has to be LOWER CASE letters)
000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)
date (This is line 31, has to be LOWER CASE letters)
000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35
Return-Path: (This is line 36, type in your email between )
You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000's are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won't get anybody's credit card information. Here's a sample email .
Here is an EXACT email which you have to send to server.
(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)
Send to: server01010@yahoo.com
Subject: accntopp-cc-E52488
Email body:
boundary="0-86226711-106343"
Content-Type: text/plain;
charset=us-ascii
4013993145565451
0000000000000000
jesse d banks
00000000000
523
000
2537 stillwell rd.,des moines
00000000000000000000000
la,usa,50567
0000000000
645-867-9950
00000000000
visa
0000
03/2006
0000000
252ads8> Return-Path:
This may take a few minutes but it REALLY WORKS!!! If you try it now, you'll gain access to people's credit cards' information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you'll gain different cards' information.
I've received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. I've only used 5 numbers so far, on ebay. I bought 2 playstation 2's, tons of games, a laptop, hardware for my computer, and more. This is too easy. I would be selling this, but whats the point. All the money I want is in the Credit Cards. Have fun, and theres no need to get hundreds of numbers, you cant use them all
HACKERS FOREVER!!!!
Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion.
[ link to this | view in chronology ]
I know a lot about it and am eager to help.
[ link to this | view in chronology ]