Credit Card Insecurity, Pt. 2


In the past week, national news media have been reporting more details of the TJX security breach we blogged about several weeks ago. Now TJX says that the breach involved information stolen from—take a deep breath—47.5 million credit and debit cards. That would make this one of the largest payment card security breaches ever. And even though much of the information stolen was encrypted, the hacker/s also got hold of TJX’s encryption software.

Information dating back to 2003 appears to have been stolen, though TJX claims to have been unaware of the problem until last fall. TJX has revised its estimates of the dates when its systems were hacked, from July 2005 to 2006, and even—hard though it is to believe—January 2007. The hacker/s also obtained personal data, such as driver’s license numbers, relating to another 450,000 or so customers who were unlucky enough to have returned purchases without receipts and had to provide personal information.

The culprits? Authorities can’t yet say whether a group of Florida residents arrested recently were responsible for the massive TJX info heist. The six people were arrested for purchasing over $1 million worth of merchandise with gift cards purchased in turn with credit card numbers from a TJX database.

As we suggested earlier, this massive breach is definitely going to serve as a reason for tighter security measures and stricter punishments and fines for companies that fail to follow the PCI requirements. The ripple effects will keep traveling for a while. TJX claims to have spent $5 million already on investigating the case, and several lawsuits have been filed against it. For individual customers receiving notice from their banks that their cards may have been compromised, it’s probably a good idea to have the bank reissue their cards.

F. Curtis Barry & Company is a multichannel operations and fulfillment consulting firm for catalog, e-commerce, and retail businesses. We offer clients expertise in business process and order management systems, inventory management systems, warehouse management systems; warehousing and distribution; contact center services; inventory management and forecasting solutions; and strategic, financial, and operational planning for all business channels. F. Curtis Barry & Company also provides annual peer-to-peer, confidential, benchmarking ShareGroups forums on warehousing, forecasting and inventory management, and customer service and order entry. For more information please visit our website or call Jeff Barry at 804-740-8743.

Reader Comments

[…] The recent TJX security breach affecting 46.5 million customers (see our earlier post on the TJX Security breach) has helped make it clear just how fragile retail security can be. RIS News quotes Greg Buzek, president of IHL Consulting, as saying that “most retailers’ IT systems are integrated today, it is very difficult to lock down every vulnerability. There are simply too many access points.” Buzek claims that most deliberate, professional, online security attacks are launched from former Soviet republics—which have no extradition treaties with the U.S., so the U.S. has no legal recourse to stop them. […]