Eleven Charged In Massive TJX Data Loss... But Many Are Still Overseas

from the this-is-hardly-over dept

We've had numerous posts about the massive (some say the largest ever) data breach at TJX, parent company of retailers like TJ Maxx and Marshalls. So, it's certainly worth mentioning the story making headlines that the "culprits" of the breach have been charged in the case, but it shouldn't exactly put your mind at ease about these breaches. After all, the credit card info they accessed (over 40 million cards by most accounts) is still out there, though many cardholders have already changed their numbers. But, more importantly, it sounds as though most of those responsible aren't in the US at all and are basically sitting free in Eastern Europe and Asia. Hell, one of those "charged" is only known by his online username, with no indication where he might be located. So, yes, it's good that the feds tracked down some of the folks responsible, but most of them are probably still out there getting access to the credit cards your provider sent you to replace the ones compromised by these guys in the first place.

Filed Under: credit card theft, data breach, organized crime
Companies: tjx


Reader Comments



  • Web Search, 6 Aug 2008 @ 3:14am

    credit card

    Credit card use has apparently been going down in the United States because of severe debt incurred by obsessive users. Who knows, maybe some of these debts have occurred because of some of these frauds.
    A better system needs to be implemented that will prevent massive frauds of this kind. The PayPal system should be the proper format for this type of system. This might be combined with some bio information like a fingerprint. It is a great opportunity for a new security business.

  • Shohat, 6 Aug 2008 @ 3:39am

    Retailers usually take the hit

    At the end of the day, Credit Card fraud usually results in merchants being hit with chargebacks. Merchants pay the price of processing and lost goods.

    Any credit card user that actually follows the transactions is highly unlikely to suffer any consequences due to CC fraud.
    999/1000 it's the merchants that take the hit.

    • McCrea, 6 Aug 2008 @ 3:43am

      Re: Retailers usually take the hit

      Customers pay the cost in business.

    • Abdul, 6 Aug 2008 @ 11:37am

      Re: Retailers usually take the hit

      What should be done now for the victims of this credit card fraud? I think they deserve to be compensated!! How many such frauds are presently going unnoticed remains to be seen. It simply means we are not too ready to combat the growing threat of cyber crime: Unprepared to Fight Worldwide Cyber Crime (http://www.internetevolution.com/author.asp?section_id=593&doc_id=147027&F_src=flftwo)

    • Anonymous Coward, 7 Aug 2008 @ 7:33am

      Re: Retailers usually take the hit

      Good, in this case at least it is the merchants who were at fault. They asked to be trusted with customer information and they did live up to their (moral) obligation to protect that information.

  • McCrea, 6 Aug 2008 @ 3:40am

    I didn't realize so many businesses were using wireless networks. That surprises me, but not the results.

  • TJ EX, 6 Aug 2008 @ 4:24am

    How'd It Happen?

    The security of the network was clearly the responsibility of the IT management. The people in charge should now be counter clerks at Burger King. Is this too harsh? No. Who else would have taken responsibility for the computing infrastructure?

    Think of the breach like this - what would the reaction be if the architectural firm that designs the stores didn't include locks for the doors? Do you think there would be hell to pay from the corporate management?

    In cities all over the US war driving is practiced every day by young geeks. I've even tried it myself, and I'm 55! Turn on the laptop, fire up Netstumbler and see who's left their network wide open. Is it so hard to understand how serious leaving an unsecured network open is?

    TJX should pay every last penny for this breach, as should ANY business that allows this to happen.

    • Formerly anon cow, 6 Aug 2008 @ 7:00am

      Re: How'd It Happen?

      The security of the network was clearly the responsibility of the IT management.

      What IT management? Have you ever seen a tech at any of these stores? Maybe that was the problem. There was NO IT telling these people that wireless is NOT secure. Just someone who got contracted to put up what the customer wants how they want it.

  • Anonymous Coward, 6 Aug 2008 @ 5:49am

    The security of the network was clearly the responsibility of the IT management. The people in charge should now be counter clerks at Burger King.

    That's a bad idea. I already have enough trouble getting my order correct by the current staff.

  • Overcast, 6 Aug 2008 @ 7:47am

    Mixing Money and Computers - particularly ones tied to the internet - has always been and will always be a bad idea.

    My main bank account - without a debit card, is as close to inaccessible as it can get. It's easy to just stop at the bank, make a withdrawal and use a pre-paid card for online purchases. I'm not really paranoid at all, just think it's silly to trust computers too much.

    If the hacker has my credit card number - he'll have to add money to it first, before he can use it :)

    • Kilroy, 6 Aug 2008 @ 8:15am

      Re:

      I like the way you think. And although someone else said that the business pays the price of cc fraud in a separate post above, I disagree! We all pay the price because the business passes along the price of those losses to the customer in how the retail/wholesale markup or service fee prices are calculated.

      The more we can do to prevent these types of crime ... the better off we ALL are in the long run. And in some cases that might mean saying I will not use your wireless Interact machine because I don't know how secure your network is.

  • James, 6 Aug 2008 @ 8:21am

    Debit Cards

    This is why debit cards are EVIL and should NEVER EVER be used as credit cards.

    If someone manages to steal your REAL credit card number the liability to the individual is minimal or nil, but if they get your debit card number (even if your bank reimburses you) it could still be a huge PITA.

    That aside, credit card companies are aware of this kind of fraud but promote cc use so heavily because even w/some fraud and loss they make so much in interest and fees it more than covers it.

    • Me, 8 Aug 2008 @ 5:40am

      Re: Debit Cards

      Your conclusion doesn't follow. Our Mastercard-networked debit card numbers were compromised in one of these scams. Bank security called to ask us if we were really buying racks of computer hardware from Singapore, to be shipped to Singapore. No, can't say that we were... The bank replaced the cards and we never saw the charges.

      According to U.S. federal law, the maximum liability you face in the event of debit card theft is $50, provided you report the theft within 2 days of learning of it. I don't feel that's too much for the banks and credit unions to ask. The liability is staggered - within 3 to 60 days of a bank statement reflecting the problem, you're liable for up to $500. After that, the bank figures you meant to spend the money. After two bank statements that reflected the thefts, I'd say you've been informed... Here's the info, spelled out more formally: http://www.federalreserve.gov/pubs/consumerhdbk/electronic.htm or http://tinyurl.com/5lrkbu

      And that's just federal law. Mastercard and Visa are free to cover some or all of that consumer liability. They do expand on it. If you use your debit card over Mastercard's credit network (i.e., signing instead of using the PIN), you're generally not liable for unauthorized transactions, be they in person, by phone, or online. They've got some weasel wording in there, but it's not too bad. http://www.mastercard.com/us/personal/en/cardholderservices/zeroliability.html or http://tinyurl.com/2l5v3m

      I should point out that these conditions apply whether your Mastercard is a credit card or a networked debit card. So either way, there's the same potential aggravation in the event of theft or fraud.

      I've lived off debit cards for several years, now. I've rented cars, made hotel reservations, and flown nationally and internationally. I've used them in and out of country. Thus far, no worries.

      I'm not a Pollyanna. ID theft is real, and as you said, a huge PITA. But credit card fraud is just as much of a pain to sort out as debit card fraud. The only difference in the law's eyes is that you have to actually pay attention to your bank statements, to minimize debit card liability. I just don't think that's too much to ask.

  • Benjamin Wright, 7 Aug 2008 @ 8:59pm

    over-reaction

    Careful reading of the indictments shows that the media, card issuers and Federal Trade Commission over-reacted to the TJX incident. TJX was not as bad as we were led to believe. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html
