According to an article in today’s on-line publication Computerworld, the Massachusetts Bankers Association (MBA) reports that identity thieves have been using stolen confidential credit and debit card information stolen by hackers who breached computer systems at The TJX Companies sometime in May of 2006. According to the MBA,
compromised cards have so far been used to make fraudulent purchases in Georgia, Florida, Louisiana, Hong Kong and Sweden.
“TJX has not made clear the number of cards involved in the breach, but Massachusetts banks continue to receive information from the card companies about cards that have been exposed,” the MBA said in a statement. To date, about 60 banks have reported on cards that were compromised in the breach. The number is expected to rise because fewer than half of the member banks have reported in so far.
The TJX Companies reported last week the following:
TJX last week disclosed that somebody had illegally accessed one of its systems and made off with card data belonging to an unspecified number of customers in the U.S., Canada, Puerto Rico, the U.K. and Ireland. The retailer, which owns chains such as TJ Maxx, Marshalls and Bob’s Stores, didn’t disclose the number of shoppers that may have been affected by the breach, which took place in May 2006 but wasn’t discovered until last month.
Without hearing from you, it is hard to determine the extent of this apparently large-scale and complex data breach. Has anybody been victimized in Arizona? In California? In any other states in the West? Do you believe the company has an obligation to take specific steps to find out exactly which consumers have had their private data exposed to hacker thieves and then report directly to these victims? Should retail companies purge consumer debit and credit information after each transaction as a way to prevent future theft and fraud? Let me know what identity theft protections you think a retail company should take as a condition of doing business in today’s technological environment.