Unable to connect to the remote server

Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
A year later TJX breach implications widespread
BOSTON (1/22/08)--It was one year ago last Thursday that the TJX Cos. disclosed the largest credit and debit card data breach in history. The implications of that breach are widespread. That breach set off a chain of lawsuits from consumers and financial institutions, including credit unions who footed the bill for notifying members and replacing their compromised cards. It instigated a number of bills in state and federal legislatures to protect consumers' data and make merchants more responsible for the data they handle. The event, coupled with a significant increase in sophisticated attempts to phish personal information from consumers, also changed the way credit unions and their members deal with security issues. More credit unions are taking precautions by offering credit monitoring identity theft services and security solutions. The Framingham, Mass.-based retail company, which owns T.J. Maxx and Marshall's, figures the intrusions began in mid-2005 at two Marshall's stores in Miami that had wireless Local Area Networks (LANs). Eventually at least 45.6 million card numbers were compromised and card companies such as Visa and MasterCard estimate that as many as 94 million cards were exposed. Computerworld, looking at the one-year anniversary of the breach, said security managers have five take-aways from the incident (Jan. 17):
* Breach disclosures don't always affect a company's revenue or stock prices. Customer and investor confidence in TJX was "largely unshaken." When the breach was disclosed its stock was worth about $30 per share. Its closing price on Thursday was just over $29 per share. Its sales for the 48-week ending Jan. 5 increased 4% from the same period a year ago. * Breach disclosures are still costly. TJX spent or set aside in the past year about $250 million for costs related to the breach. * The Payment Card Industry (PCI) Data Security Standard remains a work in flux. The industry's rules require merchants to implement 12 broad security controls for protecting customer data. However, many companies still aren't in compliance. Court documents indicated TJX wasn't compliant with nine of the controls. * The breach exposed card-payment issues that exist between merchants and their financial institutions and credit card companies. Credit unions and smaller banks have lobbied several state legislatures to pass new laws requiring merchants to reimburse them for the costs involved in notifying member/customers and reissuing cards. Retailers are fighting these bills. * The perpetrators of the breach are still out there. Only a few people have been arrested for using card numbers stolen during the breach. The hackers are still free and likely will strike again.


RSS





print
News Now LiveWire
Maine credit unions put Food Mobile on the road to relieving hunger in rural areas http://t.co/R0xpt6BAZE
15 hours ago
.@TheNCUA's Matz: PALS should be exempt from Military Lending Act proposal #NewsNow http://t.co/Vy9uNhOIEr
16 hours ago
#NewsNow Iowa loan growth 3 times national bank rate http://t.co/fUvudPLg5d
18 hours ago
.@ICBA tallies its Home Depot data breach costs: $90M, 7.5M cards http://t.co/iJgRDC2AKZ
20 hours ago
.@icul's Jury elected treasurer of @WOCCU exec committee http://t.co/HEF1UChN8f
20 hours ago