Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
A year later TJX breach implications widespread
BOSTON (1/22/08)--It was one year ago last Thursday that the TJX Cos. disclosed the largest credit and debit card data breach in history. The implications of that breach are widespread. That breach set off a chain of lawsuits from consumers and financial institutions, including credit unions who footed the bill for notifying members and replacing their compromised cards. It instigated a number of bills in state and federal legislatures to protect consumers' data and make merchants more responsible for the data they handle. The event, coupled with a significant increase in sophisticated attempts to phish personal information from consumers, also changed the way credit unions and their members deal with security issues. More credit unions are taking precautions by offering credit monitoring identity theft services and security solutions. The Framingham, Mass.-based retail company, which owns T.J. Maxx and Marshall's, figures the intrusions began in mid-2005 at two Marshall's stores in Miami that had wireless Local Area Networks (LANs). Eventually at least 45.6 million card numbers were compromised and card companies such as Visa and MasterCard estimate that as many as 94 million cards were exposed. Computerworld, looking at the one-year anniversary of the breach, said security managers have five take-aways from the incident (Jan. 17):
* Breach disclosures don't always affect a company's revenue or stock prices. Customer and investor confidence in TJX was "largely unshaken." When the breach was disclosed its stock was worth about $30 per share. Its closing price on Thursday was just over $29 per share. Its sales for the 48-week ending Jan. 5 increased 4% from the same period a year ago. * Breach disclosures are still costly. TJX spent or set aside in the past year about $250 million for costs related to the breach. * The Payment Card Industry (PCI) Data Security Standard remains a work in flux. The industry's rules require merchants to implement 12 broad security controls for protecting customer data. However, many companies still aren't in compliance. Court documents indicated TJX wasn't compliant with nine of the controls. * The breach exposed card-payment issues that exist between merchants and their financial institutions and credit card companies. Credit unions and smaller banks have lobbied several state legislatures to pass new laws requiring merchants to reimburse them for the costs involved in notifying member/customers and reissuing cards. Retailers are fighting these bills. * The perpetrators of the breach are still out there. Only a few people have been arrested for using card numbers stolen during the breach. The hackers are still free and likely will strike again.


RSS print
News Now LiveWire
Goodwill Industries latest to report data security breach http://t.co/gIaXNsT4Bk
12 hours ago
CUNA economist Schenk discusses regulators' focus on interest-rate risk. See CU Magazine: http://t.co/tW1p9rTSSv
13 hours ago
Fed issues annual report on general-use prepaid cards in gov't-administered payment programs. http://t.co/3zPhejSPZt
14 hours ago
Children in foster care face higher risk of identity theft via @NBCNews http://t.co/Dif0hCfBdA
14 hours ago
.@Cornerstone_CUL's leadership conference includes food drive for San Antonio food bank http://t.co/h2O8O4TxuD
14 hours ago