Projects: Security - Baseline
Home arrow Projects: Security arrow TJX Breach Update: 94 Million Credit Accounts Potentially Exposed













Renew Your Subscription

Projects: Security



TJX Breach Update: 94 Million Credit Accounts Potentially Exposed

By Mel Duvall
2007-10-24

Article Views: 2275
Article Rating:starstarstarstarstar / 0


Court filings contend that nearly double the customer records were compromised by the clothing retailer's security breach.

Rate This Article:
Poor Best
Add This Article To:


The number of Visa and MasterCard accounts that could have been exposed to potential fraud by a data breach at retailer TJX Companies, could be nearly double the original estimates, according to documents filed in court.

Filings in a bank case against TJX, the parent of TJ Maxx, Marshalls and A.J. Wright chains, indicate that as many as 94 million cards could have been compromised. Depositions by security officers at Visa indicate that as many as 64 million accounts may have been exposed, while MasterCard has estimated as many as 29 million of its accounts were at risk.

Earlier this year, TJX indicated the breach may have involved 45 million cards.

An investigation by Canada's Privacy Commissioner last month blasted the Framingham, Mass.-based company for failing to protect its customers.

Related Article: TJX Breach Could Have Been Avoided

In that investigation, the privacy commissioner blamed the retailer for collecting too much personal information from customers, keeping it too long and relying on weak encryption technology to protect it. In Canada, TJX operates the Winners and HomeSense retail chains.

The Canadian investigation concluded that an intruder may have initially gained access to customer information via a wireless local area network at two Marshalls stores in the Miami area. Customer information was subsequently stolen from mid-2005 through December 2006.

Among the findings by the privacy commission were that TJX did not act quickly in converting from a weak encryption standard to a stronger standard. It also found that the company did not adhere to the requirements of the Payment Card Industry Data Security Standard, which was developed to address credit card data theft.

Related Article: Retailers Rushing to Meet New Standard for Data Security

The court filings this week were made by banks that have sued TJX and Fifth Third Bancorp, which processed some card transactions for TJX. The banks are seeking class certification to allow other banks to join the complaint and share damage awards. TJX reached a tentative settlement on a consumer class action suit in September.





Discuss TJX Breach Update: 94 Million Credit Accounts Potentially Exposed
 
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Projects: Security Articles          >>> More By Mel Duvall
 



Sponsored Links
  • Free 30-day endpoint security trial: VIPRE Enterprise
  • Reduce operating expenses with CDW Healthcare solutions.
  • Get expert tips & advice on IBM-Oracle database solutions.
  • Get Control with SonicWALL Application Intelligence.
  • Download eval guide and prepare your apps for multicore.
  • FREE Data Leakage for Dummies Book from Sophos
     
    		•
     
    FEATURED SLIDESHOWS
    FEATURED SPONSORED MESSAGE

    TechDirect

    Find the trusted vendors and products that will meet your needs, compare the top solution and connect vendors in one place.

    Before you order the next, data management, office automation or IT hardware solution visit TechDirect.

    Click Here

      Brought to You By
     

     

     

    Related Content

    Articles Labs/How-To Multimedia
    LATEST STORIES
    - 10 Tips for an Online Job Search
    - Hack Your Way to a Promotion
    - What Workers Love and Hate About Social Medi...
    - What People Do All Day
    - Higher Health Costs Ahead


     

     


    rss graphic
           Baseline Newsletters

    Baseline:  

    Issue Index | Contact Us | About | Media Kit | Magazine Customer Service | Navigation Guide

    Quick Links:  

    Project Planners | Enterprise Resource Planning | Network and Online Security | Data Analysis | Process Management | Storage Devices| Link to Us

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | Tech Podcasts | Tech Video | VARs | System Builder

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | TechDirect | Technology White Papers | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.