[Dataloss] TJX breach involved 45.7m cards, company reports

B.K. DeLong bkdelong at pobox.com
Thu Mar 29 15:32:38 UTC 2007 

Don't forget there's probably a PCI fine as well as the possibility of
loss of processing rights.  Though, that would kill TJX, (not that
they're not hurting already).

On 3/29/07, DAIL, ANDY <ADAIL at sunocoinc.com> wrote:
>
> At $30 per card, that's close to $1.3B just in re-issuance costs, in
> addition to any fines or lawsuits.  They'll never be able to account for
> the cost of lost business.
>
> I'd wager a comprehensive PCI-DSS program looks like a bargain, in
> hindsight.
>
>
> -----Original Message-----
> From: dataloss-bounces at attrition.org
> [mailto:dataloss-bounces at attrition.org] On Behalf Of B.K. DeLong
> Sent: Wednesday, March 28, 2007 9:13 PM
> To: lyger
> Cc: dataloss at attrition.org
> Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports
>
>
> Finally. Glad we finally know.
>
> On 3/28/07, lyger <lyger at attrition.org> wrote:
> >
> > (Keep in mind that these are credit card NUMBERS, and not PEOPLE...
> > people often have more than one card.  Attrition's Dataloss Database
> > (DLDOS) will be updated accordingly)
> >
> > http://www.boston.com/business/ticker/2007/03/tjx_breach_invo.html
> >
> > At least 45.7 million credit and debit card numbers were stolen by
> > hackers who broke into the computer systems at the TJX Cos. in
> > Framingham and the United Kingdom and siphoned off data over a period
> > of several years, making it the biggest breach of personal data ever
> > reported, according to security specialists.
> >
> > TJX, the Framingham discounter that operates the T.J. Maxx and
> > Marshalls clothing chains, also reported in a regulatory filing
> > yesterday that another 455,000 customers who returned merchandise
> > without receipts had their personal data stolen, including drivers'
> > license numbers. "It's the biggest card heist ever," said Avivah
> > Litan, vice president of Gartner Inc. "This was obviously done over a
> > long period of time, in many locations. It's done considerable
> > damage."
> >
> > [...]
> > _______________________________________________
> > Dataloss Mailing List (dataloss at attrition.org)
> > http://attrition.org/dataloss Tracking more than 158 million
> > compromised records in 609 incidents over 7 years.
> >
>
>
> --
> B.K. DeLong (K3GRN)
> bkdelong at pobox.com
> +1.617.797.8471
>
> http://www.wkdelong.org                    Son.
> http://www.ianetsec.com                    Work.
> http://www.bostonredcross.org             Volunteer.
> http://www.carolingia.eastkingdom.org   Service.
> http://bkdelong.livejournal.com             Play.
>
>
> PGP Fingerprint:
> 38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
>
> FOAF:
> http://foaf.brain-stream.org
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss Tracking more than 158 million compromised
> records in 609 incidents over 7 years.
>
> This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 203 million compromised records in 609 incidents over 7 years.
>


-- 
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org

More information about the Dataloss mailing list