TJX Security Breach Keeps Getting Uglier - And TJX Is Not Alone

The TJX breach just keeps getting uglier. GlobeInvestor.com is reporting, from a Canadian perspective, that:


Some reports have suggested that more than 40 million credit cards were exposed by the TJX break-in, which would make it one of the largest such incidents to hit North America. Sources said Visa alone is informing partners that 20 million of its cards could be affected, and there are estimates in the financial community that between one million and two million Canadian cards issued by banks and other institutions could have been left vulnerable by the breach. Visa would not confirm the numbers.

The International Herald Tribune (IHT) is reporting the ripple effects spread beyond TJX, its subsidiaries and customers:

Fifth Third Bank of Cincinnati was identified as the sponsoring bank that handled TJX's accounts, making it responsible for ensuring that the retailer met the industry's data security standards. … Fifth Third may be required to cover some of the card issuers' losses.

So what are we to make of industry self-regulation? Was the bank verifying the retailer's compliance or not? Is this an anomaly or a common problem?

The total cost of these breaches is high, according to SearchSecurity.com, which notes:

In a study released in October 2006, the Ponemon Institute found that data breaches cost companies an average of $182 per compromised record, a 31% increase over 2005. Ponemon studied 31 companies that experienced a data breach. The total costs for each loss ranged from less than $1 million to more than $22 million, according to the 2006 findings.

And as if the state of corporate network security in North America isn't bad enough, our European colleagues seem to have similar problems. An article in Eircom.net reports from Ireland that, based on a survey by Deloitte:

Hundreds of computer networks operated by Irish businesses, including major financial institutions, are vulnerable to hackers because basic security procedures have not been implemented.

This is just going to get worse before it gets better.

UPDATE Jan 20, 2007:

The Ottawa Sun is reporting that the TJX breach actually started last May, not December; it seems the company didn't detect the breach until December.

A spokeswoman for TJX Co. said yesterday there has been confusion in media reports about how long ago customer information may have been compromised.

"Our discovery of it was in mid-December. We believe (the breach) happened in mid-May of '06," said Sherry Lang.

Information from mid-May 2006 through December 2006 and from 2003 may have been accessed by the intruder, but "it's not like there's someone in there since 2003."

Comments

I received a letter from my bank stating my Master Card debit was affected.

I didn't shop at any TJX during December. Upon pulling my records, the 1 time this past year I shopped at one of their stores was October 8, 2006!

I think there is much more to this than the corporation is letting out.

Thank you

I suspect the full extent of the damage isn't known yet. It could take months for customers to review their credit card records and notify their banks.

I discovered the breach only after contacting my credit card company several times from Oct-Jan. This happened to us on credit cards that our out of state college kids used. What a hassle to clean up!

I just received notice in the mail by my Mastercard credit card rep. that "my.... . Mastercard was identified as one of the affected accounts". So I looked back in my records and found that the last time I had used this charge card at any one of TJX's stores was in April of 2005.
To me this time line is confusing and scary!

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net