[Dataloss] TJX breach involved 45.7m cards, company reports
lyger
lyger at attrition.org
Thu Mar 29 16:50:18 UTC 2007
(forwarded for snippage purposes)
From: adrian.sanabria at gmail.com
To: B.K. DeLong <bkdelong at pobox.com>, "DAIL, ANDY" <ADAIL at sunocoinc.com>
Cc: dataloss at attrition.org
Date: Thu, 29 Mar 2007 16:04:13 +0000
Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports
Consider though, that they're saying 75 percent of the data was masked or
expired. In my opinion, if someone steals the
CCN of the Capital One card I had back in the 90s, it shouldn't be counted
in the official compromise numbers.
Sent via BlackBerry from Cingular Wireless
-----Original Message-----
From: "B.K. DeLong" <bkdelong at pobox.com>
Date: Thu, 29 Mar 2007 11:32:38
To:"DAIL, ANDY" <ADAIL at sunocoinc.com>
Cc:dataloss at attrition.org
Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports
Don't forget there's probably a PCI fine as well as the possibility of
loss of processing rights. Though, that would kill TJX, (not that
they're not hurting already).
On 3/29/07, DAIL, ANDY <ADAIL at sunocoinc.com> wrote:
>
> At $30 per card, that's close to $1.3B just in re-issuance costs, in
> addition to any fines or lawsuits. They'll never be able to account for
> the cost of lost business.
>
> I'd wager a comprehensive PCI-DSS program looks like a bargain, in
> hindsight.
More information about the Dataloss
mailing list