[Dataloss] TJX breach involved 45.7m cards, company reports

DAIL, ANDY ADAIL at sunocoinc.com
Thu Mar 29 13:43:03 UTC 2007


At $30 per card, that's close to $1.3B just in re-issuance costs, in
addition to any fines or lawsuits.  They'll never be able to account for
the cost of lost business.

I'd wager a comprehensive PCI-DSS program looks like a bargain, in
hindsight.


-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of B.K. DeLong
Sent: Wednesday, March 28, 2007 9:13 PM
To: lyger
Cc: dataloss at attrition.org
Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports


Finally. Glad we finally know.

On 3/28/07, lyger <lyger at attrition.org> wrote:
>
> (Keep in mind that these are credit card NUMBERS, and not PEOPLE...
> people often have more than one card.  Attrition's Dataloss Database
> (DLDOS) will be updated accordingly)
>
> http://www.boston.com/business/ticker/2007/03/tjx_breach_invo.html
>
> At least 45.7 million credit and debit card numbers were stolen by
> hackers who broke into the computer systems at the TJX Cos. in
> Framingham and the United Kingdom and siphoned off data over a period
> of several years, making it the biggest breach of personal data ever
> reported, according to security specialists.
>
> TJX, the Framingham discounter that operates the T.J. Maxx and
> Marshalls clothing chains, also reported in a regulatory filing
> yesterday that another 455,000 customers who returned merchandise
> without receipts had their personal data stolen, including drivers'
> license numbers. "It's the biggest card heist ever," said Avivah
> Litan, vice president of Gartner Inc. "This was obviously done over a
> long period of time, in many locations. It's done considerable
> damage."
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss Tracking more than 158 million
> compromised records in 609 incidents over 7 years.
>


--
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
