Bankers: TJX May Have Kept Too Much Personal Data
The Boston Globe is reporting that the Massachusetts Bankers Association is warning 28 member banks that their card holders may have had personal data exposed during the TJX breach and that the number of banks affected could be higher.
In addition, the trade association is questioning how much information was kept:
The banking trade group also said TJX may have been keeping on file "unnecessary" data. Credit-card network rules prohibit retailers from retaining information after they verify a person's identity and account balance. "After the transaction clears, there is no reason to store any data," said the group's president Daniel J. Forte.
As the story is now reported, it appears that the breach started in May, 2006, was discovered in December 2006, may have exposed up to 40 million records, and the exposure may have included information that was not needed by the company to conduct business. Now imagine if this happened to a network you manage. This really is a wakeup call to all of us who design or manage applications, servers and networks.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
