TJX Fighting Hard To Raise The Bar Even Higher For Worst Credit Card Data Leak Ever

from the go-big-or-don't-go-at-all dept

Last month, TJX, the parent company of retailers T.J. Maxx and Marshalls among others, disclosed that it had lost a ton of customer credit-card and personal information, with some suggesting it could be the biggest breach ever. If you follow these sorts of things, you'll remember that the way they typically go is that the group that's lost the data will disclose a breach, then, after the initial furor has died down, they'll come back a few weeks later and say they lost a whole lot more than they first thought. With that in mind, any guesses as to what TJX has said today? Surprise, surprise -- a ton more information was exposed than the company first disclosed. This sort of leak continues to happen, and nothing gets done to put a stop to it. It doesn't appear that many companies care enough, or have the proper incentives to devote the necessary level of resources to security. But remember what the banks and credit card companies' surveys tell us: these breaches, and identity theft in general, isn't a problem.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Asian, 21 Feb 2007 @ 5:24pm

    first...

    I'm glad that I've never shopped at either of those stores.... and whoever says that I.D. theft is not a problem should post their name, S.S.# , D.O.B., address, and mothers maiden name.. i need a vacation that they would "not" be paying for ...

    link to this | view in chronology ]

  • identicon
    Anonymous Asian, 21 Feb 2007 @ 5:25pm

    first...

    I'm glad that I've never shopped at either of those stores.... and whoever says that I.D. theft is not a problem should post their name, S.S.# , D.O.B., address, and mothers maiden name.. i need a vacation that they would "not" be paying for ...

    link to this | view in chronology ]

  • identicon
    Stu, 21 Feb 2007 @ 6:01pm

    Use the Force Luke

    I.D. theft is not a problem
    I.D. theft is not a problem
    I.D. theft is not a problem
    I.D. theft is not a problem
    These are not the droids you're looking for.
    These are not the droids I'm looking for.

    link to this | view in chronology ]

  • identicon
    mee, 21 Feb 2007 @ 8:50pm

    Being a T.J. Maxx associate, people often ask me if we've straightened it out. We don't know anything. So stop asking. Also, you can avoid this mess by paying in cash.

    link to this | view in chronology ]

    • identicon
      bubba, 22 Feb 2007 @ 6:16am

      Re:

      hey Mee,

      Your company made a huge mistake in collecting and storing data from Track 1 of the credit card strip on the back of each card. That has the CC#, Exp Date and CCV#. What should have been collected is the info from Track 2 which is name and address only, no financial information. Maybe you should go to your manangement and ask them how to address those concerns from customers, like myself included, whose CC were compromised. Oh and dont tell me to pay in cash. I can cancel a stolen credit card....someone rips me off of my cash- cant get that back. If its so tuff to answer peoples questions about this major breach then get out or kindly tell people to address their concerns by calling a 1-800 number. With your angry attitude you really shouldnt be addressing these people anyhow.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Feb 2007 @ 9:52pm

    What I don't understand is why these companies with so much data to loose feel that they need to hold onto such sensitive data for the long term, especially if they don't have the security and resources to keep it safe.

    link to this | view in chronology ]

  • identicon
    JSchmidt, 21 Feb 2007 @ 10:06pm

    Umm..

    Jeffrey Schmidt
    525878546
    29/07/1987
    780 McDonnell Rd, SAN FRANCISCO, CA, 94128
    Collins

    Ok, so how is this gonna get me a vacation?....

    link to this | view in chronology ]

  • identicon
    Anyonymous jerk, 22 Feb 2007 @ 7:42am

    Fine them!

    At this point, the authorities need to step in and begin dolling out serious fines for these companies. Identity theft not only hurts individuals, but ultimately causes nationwide economic repurcussions when people start declaring bankruptcy because they can't pay their bills.
    (sounding like a poster for ID theft)

    It hurts us all!

    link to this | view in chronology ]

  • identicon
    Julian, 22 Feb 2007 @ 9:56am

    TJMaxx will be bought out

    Visa will force a buyout or a shutdown. Visa did that for CardSystems last year which is now operating under a new name and new management.

    Visa has implemented PCI security regulations which is a series of security best practices for the specific security of the cardholder data. If you accept VISA cards you must pass this security audit or negotiate an extension or waiver. VISA is not fooling around anymore.

    in_the_industry

    link to this | view in chronology ]

  • identicon
    Anonymous, 25 Feb 2007 @ 7:38am

    Prosecute the Real Criminal

    I understand the exposure the company has, along with many other companies that have yet to be hacked. Why are we not talking about finding and prosecuting the criminals that stole the information in the first place. I know it's a difficult task, but it must be done, otherwise, other companies will find themselves in this situation.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.