Credit Card Data Leaked By T.J. Maxx Used To Steal Millions Of Dollars Worth Of Goods
from the oh-yeah,-plus-the-shareholders-are-suing dept
This can't be a good week for TJX, the parent company of T.J. Maxx, Marshalls and a bunch of other retailers. As you probably remember, earlier this year, the company made news after it came out that some scammers had broken in and accessed credit card and other personal info on tens of millions of customers -- which many consider to be the biggest such data leak ever. Of course, in many of the other cases of data leaks, the end result, while annoying, didn't actually involve criminals using the leaked data. No such luck for TJX. A new report says that some scammers in Florida used the data from TJX to create dummy credit cards, and then purchased Wal-Mart and Sam's Club gift cards which were redeemed for about $8 million worth of goods. It's interesting to note what brought the scam down was that the scammers started using multiple cards at once -- and almost all of the cards were for $400, just under the $500 limit that would require identification.On top of this latest bit of bad publicity, TJX also has to deal with the fact that one of its largest shareholders is now suing the company over the breach -- saying that the company hid important information about the breach from shareholders. This may not be the "Digital Enron" security case that some people are expecting, but it is shaping up to be quite a mess.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Whys?
[ link to this | view in chronology ]
Re: Whys?
Gee, I dunno, maybe all those laws that require data retention? (passed under the guise of anti-terror measures most likely)
[ link to this | view in chronology ]
Re: Re: Whys?
In order to open a new account they would need the person's Name, Birthdate, SSN, and an address of some sort. If someone was able to use the TJX data to open new credit cards, then all of this information must have been stored (or enough of these pieces that an internet address search could supply the rest).
And the other part of this is the consumer themselves. It's pretty easy to track your credit history for free. Just go to annualcreditreport.com and every 4-months pull a history from one of the companies. If there is anything suspicious, then you can head it off pretty quick. It would be hard for someone to do a ton of irreversible damage to your credit in a 4-month period.
[ link to this | view in chronology ]
Re: Re: Re: Whys?
[ link to this | view in chronology ]
Ah the modern age
[ link to this | view in chronology ]
Re: Ah the modern age
[ link to this | view in chronology ]
Re: Ah the modern age
Technology is not inherently bad, the bad comes from an inferior quality of people. If everyone understood technology, we wouldn't have this problem. Instead we have people who are either too lazy or too stupid to learn the new technologies, and would rather blame the technology then themselves. When a person is stupid, they hand over their account information to a fishing scam or malware. When a company is stupid, they allow predatory scammers to obtain mass quantities of information or enable scammers to use stolen information without protection for their customers. So, in these situations, you have a stupid person enabling a criminal; not technology defrauding a person. Yes, the criminals have a better grasp on technology then a lot of people (in the US at least), but why is it the technologies fault that the citizens are failing to keep up? Does it really take a rocket scientist to figure out that sending $1000 to someone in Nigeria is a bad idea? How about to figure out that it is a bit odd for a company to need to ask for your password, when they have it on file?
How about rather then blaming everything else, we start looking at the person or company at the center of the problem. Just because someone is a "victim", does not mean they are innocent.
[ link to this | view in chronology ]
Re: Re: Ah the modern age
But as an example of how they do not reject technology as a whole, the Amish dairy farmers have electricity in the barns in order to run the proper equipment for maintaining a sanitary environment for processing milk. Also, I saw one house that was allowed to have electricity in it for running the life support equipment for one of their children who was born with a severe condition. Again, this helps keep the family together.
Furthermore, when their children enter their teenage years, they enter a phase known as "rumschpringa" (not sure about the spelling) which means "running around." They are allowed to venture out and experience all the outside world has to offer, and they are given the choice of leaving the community for the outside world, or to stay. If they do leave and later want to come back, they are generally welcomed back. However, if you stay and join the Amish church and then later reject it and leave, they consider you dead, holding a funeral and everything, and you can never come back. It is a difficult way of life, but it is not without its good points. In a lot of ways, they are better off than we are.
[ link to this | view in chronology ]
Re: Re: Re: Ah the modern age
People are free to live their lives as they see fit, but you can not take a superficial glance at a society and make a call of which way is better. You have to weigh the pros and cons for yourself. I happen to have lived around, and know, groups (not Amish, but isolationistic) and families that function in similar manors and have talked to the children. Many times it is not the fact that they don't want to leave or that they recoil from mainstream society, but rather that there isn't a way to get out. Each generation is not only ingrained with a narrow teaching from the previous, but they are also hobbled in their ability to assimilate into any society other then the one they are born into.
[ link to this | view in chronology ]
Re: Re: Re: Ah the modern age
[ link to this | view in chronology ]
Re: Ah the modern age
[ link to this | view in chronology ]
Do you people not read???
[ link to this | view in chronology ]
And for that matter, I come from a farming family. Farmers' wallets are by no means fat. You obviously have not ever looked at the financial books for a farming operation. Chemical, seed for planting, and fuel costs are through the roof, not to mention the cost of machinery purchases and maintenance.
Try buying a quarter-million dollar combine and see how that fits your budget. And then put on new tires every couple years or so that cost over $1000 per tire. Farmers get stuck buying all their supplies at retail prices, are forced to sell their product at rock bottom wholesale prices (and not before the grain elevators take their cost out of it), and pay shipping both ways (see the previous comment on the elevator's cut). And the middle man wins big in the deal. The price of cereal in the store goes up, the price per bushel of grain for the farmer goes down. Who gets the money? You do the math.
As for the farm programs, it's bad enough that the government is giving out free money in the first place. But on top of that, there are loopholes that allow colleges/universities and even prisons with agricultural programs to get access to that money, which they certainly don't deserve. They are stealing money from hard-working farmers that are just trying to keep their heads above water. My parents have to take out a new operating loan every year just to be able to buy supplies to go another year, sometimes before they can even pay off the previous year's operating loan. Sometimes I think they'd have better luck going to a casino, because you have a lot better chance of winning millions in a poker tournament than you do betting that an entire year's crop will survive the weather, insects, and various diseases, and actually turn a profit when it's all said and done.
So don't talk to me about our farmers having plenty of money. I'm not saying there aren't some rich ones out there, but they're probably in control of mega farms or something. The small family farm is a dying breed, and you can thank our wonderful economy for that.
Back into the topic at hand, I agree that it's stupid for retailers to hold onto sensitive information like that, especially if it's not secure enough. I try to limit the number of places online that want to store my credit card info as much as possible. Even though it's convenient, I don't feel it's safe enough. I wonder though, if the data that got leaked was for credit cards that are applied for from the retailer (assuming they have cards like that, similar to JCPenny's and Sears). In that case, the retailer would probably have good reason to hold onto that info.
[ link to this | view in chronology ]
Re:
Why does the government pay a wheat farms close to $1 million dollars NOT TO PLANT ANYTHING ON THE FARM because there is too much wheat being grown at the time?
Why is it my Aunt who is a farmer just built a $300,000 dollar home and toured Europe this year, even though she claims it was a bad year and had to apply for government assistance?
How come not a single farm in Montana has closed due to lack of money, but they all apply for governmental assistance? Other states might be different, but Montana farmers have a good scam going.
[ link to this | view in chronology ]
Farming?
go hunting and fishing all year and fill out a little paperwork...
I could do that!!
[ link to this | view in chronology ]
Back on Topic
[ link to this | view in chronology ]
Re: Back on Topic
[ link to this | view in chronology ]
Re: Re: Back on Topic
[ link to this | view in chronology ]
Re: Re: Re: Back on Topic
And where all credit places do not report to that same company (so you will not have all the credit cards listed), all three companies will have a listing of every mailing address you (or a thief) have claimed to live at. If there is more than 1 address that you do not recognize then chances are your identity has been stolen.
If you are really worried about your identity though, then buy the reports every month. If you are not worried at all, then check TransUnion at least once a year because they seem to have the most complete history.
[ link to this | view in chronology ]
New Term
[ link to this | view in chronology ]
Looks like they revamped counterfeiting
Sorry to get back on topic, but I was wondering why they bought gift cards and then used the gift cards to purchase merchandise. Why didn't they just buy the merchandise directly, without the extra step of buying the gift card? Can someone explain the reason for this?
Wizard Prang:
"Credit Laundering". -- Well, sort of. Kind of counterfeiting it is too. Creating gift cards translate money into pseudo-money, but much easier to counterfeit and much harder to track. And if the other end of it is not the one purchasing by the card, the purchaser becomes almost invisible -- and probably inaccessible for any authorities.
Especially (and that one is for you, Beck), since gift cards can be traded -- which obfuscates the trace completely. And everyone maybe catched can claim, they just bought the card from some random passer-by.
Looks like far less risk but plain counterfeiting.
[ link to this | view in chronology ]
do not need to hold on to detailed credit card inf
If there is a charge back, the credit card company would provide the detailed information regarding that transaction only.
If every company that allows credit cards hold on to all the detail of every transaction, then this very personal information is available at much too many points.
In fact once the money has changed hands from the Visa for example, the retailer does not need anything more than the date of the transaction, and approval number. Everything else should be transmitted or shipped to the credit card vendor. Much in the same way Cheques are done. You would not imagine that a giant retailer would hang on the details of your personal cheque, with your account numbers, any more that they should hold on to your complete credit card data. Perhaps they might want to hang on to that little slip of paper with my signature, however that does not have the detailed credit card number (it is covered with security asterix) or expire date.
Again, when and if there is a chargeback, the vendor can deserves the details.
As the world gets more and more dependant on electronic transactions, security for personal data becomes more and more important.
[ link to this | view in chronology ]
TJMAX credit card scam
[ link to this | view in chronology ]
tjmax credit card scam
[ link to this | view in chronology ]
WHANT A CREDIT CARD NUMBERS
[ link to this | view in chronology ]
Re: WHANT A CREDIT CARD NUMBERS
[ link to this | view in chronology ]
[ link to this | view in chronology ]
credit card info
[ link to this | view in chronology ]
how will i know the full info of this credit card
[ link to this | view in chronology ]
Used for taking larger credit
[ link to this | view in chronology ]