Credit Card Data Leaked By T.J. Maxx Used To Steal Millions Of Dollars Worth Of Goods

from the oh-yeah,-plus-the-shareholders-are-suing dept

This can't be a good week for TJX, the parent company of T.J. Maxx, Marshalls and a bunch of other retailers. As you probably remember, earlier this year, the company made news after it came out that some scammers had broken in and accessed credit card and other personal info on tens of millions of customers -- which many consider to be the biggest such data leak ever. Of course, in many of the other cases of data leaks, the end result, while annoying, didn't actually involve criminals using the leaked data. No such luck for TJX. A new report says that some scammers in Florida used the data from TJX to create dummy credit cards, and then purchased Wal-Mart and Sam's Club gift cards which were redeemed for about $8 million worth of goods. It's interesting to note what brought the scam down was that the scammers started using multiple cards at once -- and almost all of the cards were for $400, just under the $500 limit that would require identification.

On top of this latest bit of bad publicity, TJX also has to deal with the fact that one of its largest shareholders is now suing the company over the breach -- saying that the company hid important information about the breach from shareholders. This may not be the "Digital Enron" security case that some people are expecting, but it is shaping up to be quite a mess.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Chuck Norris' Enemy (deceased), Mar 22nd, 2007 @ 7:05am

    Whys?

    Why does a department store need to store a credit card number and personal information for longer than a quick credit card transaction? Why is the information so complete that a thief, which could be a scammer without access or a disgruntled employee with access, could apply for a credit card and get one in someone else's name. The credit card companies and Wal-Mart must have thought they got a big boost in sales that month. :D

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Mar 22nd, 2007 @ 7:28am

    Re: Whys?

    Why?

    Gee, I dunno, maybe all those laws that require data retention? (passed under the guise of anti-terror measures most likely)

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Keybored, Mar 22nd, 2007 @ 7:32am

    Ah the modern age

    Technology sucks and big business (and consumers) are paying the price. It's really quite a shame how we worship money. I drive past these farmers plowing their fields with a big ole' plow and a team of bulls. Yes I live in rural Pennsylvania USA and I think those hard working men are having the last laugh on us. Too bad we are destroying the world they live in harmony with.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    TheDock22, Mar 22nd, 2007 @ 7:38am

    Re: Re: Whys?

    Which laws? As far as I know all they need to keep is the account number, the date purchased and the amount put on the card.

    In order to open a new account they would need the person's Name, Birthdate, SSN, and an address of some sort. If someone was able to use the TJX data to open new credit cards, then all of this information must have been stored (or enough of these pieces that an internet address search could supply the rest).

    And the other part of this is the consumer themselves. It's pretty easy to track your credit history for free. Just go to annualcreditreport.com and every 4-months pull a history from one of the companies. If there is anything suspicious, then you can head it off pretty quick. It would be hard for someone to do a ton of irreversible damage to your credit in a 4-month period.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    TheDock22, Mar 22nd, 2007 @ 7:40am

    Re: Ah the modern age

    Farmers don't use money? Ha! Come to MT sometime. Every year the farmers complain that it is too dry so they get money from the government for damages. And then last year when we got tons of rain, they complained it was too wet and got fat checks from the government! Living in harmony with nature my but, they are living in harmony with their wallets.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Casper, Mar 22nd, 2007 @ 7:51am

    Re: Ah the modern age

    You are so out of touch with reality it's scary. I grew up on a farm and I always worked with computers. To say that technology is the enemy is hypocritical. What do you think a plow is? How about the wheel? Rope? Nails? Knives? Your not logically analyzing the situation.

    Technology is not inherently bad, the bad comes from an inferior quality of people. If everyone understood technology, we wouldn't have this problem. Instead we have people who are either too lazy or too stupid to learn the new technologies, and would rather blame the technology then themselves. When a person is stupid, they hand over their account information to a fishing scam or malware. When a company is stupid, they allow predatory scammers to obtain mass quantities of information or enable scammers to use stolen information without protection for their customers. So, in these situations, you have a stupid person enabling a criminal; not technology defrauding a person. Yes, the criminals have a better grasp on technology then a lot of people (in the US at least), but why is it the technologies fault that the citizens are failing to keep up? Does it really take a rocket scientist to figure out that sending $1000 to someone in Nigeria is a bad idea? How about to figure out that it is a bit odd for a company to need to ask for your password, when they have it on file?

    How about rather then blaming everything else, we start looking at the person or company at the center of the problem. Just because someone is a "victim", does not mean they are innocent.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    BackinBlack, Mar 22nd, 2007 @ 8:20am

    Do you people not read???

    The article stated 'used the data from TJX to create dummy credit cards'. That is they manufactuered cards with the stolen CC #s. No new accounts were created, just a recycle of the existing card numbers. What could be easier?

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Mar 22nd, 2007 @ 8:21am

    I think he was referring to the Amish community. And yes, they do use money, but nothing like the way traditional farmers or the rest of the world does.

    And for that matter, I come from a farming family. Farmers' wallets are by no means fat. You obviously have not ever looked at the financial books for a farming operation. Chemical, seed for planting, and fuel costs are through the roof, not to mention the cost of machinery purchases and maintenance.

    Try buying a quarter-million dollar combine and see how that fits your budget. And then put on new tires every couple years or so that cost over $1000 per tire. Farmers get stuck buying all their supplies at retail prices, are forced to sell their product at rock bottom wholesale prices (and not before the grain elevators take their cost out of it), and pay shipping both ways (see the previous comment on the elevator's cut). And the middle man wins big in the deal. The price of cereal in the store goes up, the price per bushel of grain for the farmer goes down. Who gets the money? You do the math.

    As for the farm programs, it's bad enough that the government is giving out free money in the first place. But on top of that, there are loopholes that allow colleges/universities and even prisons with agricultural programs to get access to that money, which they certainly don't deserve. They are stealing money from hard-working farmers that are just trying to keep their heads above water. My parents have to take out a new operating loan every year just to be able to buy supplies to go another year, sometimes before they can even pay off the previous year's operating loan. Sometimes I think they'd have better luck going to a casino, because you have a lot better chance of winning millions in a poker tournament than you do betting that an entire year's crop will survive the weather, insects, and various diseases, and actually turn a profit when it's all said and done.

    So don't talk to me about our farmers having plenty of money. I'm not saying there aren't some rich ones out there, but they're probably in control of mega farms or something. The small family farm is a dying breed, and you can thank our wonderful economy for that.

    Back into the topic at hand, I agree that it's stupid for retailers to hold onto sensitive information like that, especially if it's not secure enough. I try to limit the number of places online that want to store my credit card info as much as possible. Even though it's convenient, I don't feel it's safe enough. I wonder though, if the data that got leaked was for credit cards that are applied for from the retailer (assuming they have cards like that, similar to JCPenny's and Sears). In that case, the retailer would probably have good reason to hold onto that info.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Ummm...., Mar 22nd, 2007 @ 8:36am

    Re: Re: Ah the modern age

    You obviously haven't ever toured the Amish community in order to gain insight and understanding into their way of life. They do not reject modern technology as a whole. They reject anything that endangers their family members from getting separated from each other. Things like electricity allow things like radio, TV, computers, etc. to come into the home, and when a person gets wrapped up in those things, that means they aren't spending time with the family. Vehicles allow people to easily travel far away...from the family. And so on. If the horse and buggy isn't good enough to go into town, they catch rides on buses or with friends outside the community. While this may be somewhat of an extreme approach, it does make a lot of sense.

    But as an example of how they do not reject technology as a whole, the Amish dairy farmers have electricity in the barns in order to run the proper equipment for maintaining a sanitary environment for processing milk. Also, I saw one house that was allowed to have electricity in it for running the life support equipment for one of their children who was born with a severe condition. Again, this helps keep the family together.

    Furthermore, when their children enter their teenage years, they enter a phase known as "rumschpringa" (not sure about the spelling) which means "running around." They are allowed to venture out and experience all the outside world has to offer, and they are given the choice of leaving the community for the outside world, or to stay. If they do leave and later want to come back, they are generally welcomed back. However, if you stay and join the Amish church and then later reject it and leave, they consider you dead, holding a funeral and everything, and you can never come back. It is a difficult way of life, but it is not without its good points. In a lot of ways, they are better off than we are.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    R.A.Danny, Mar 22nd, 2007 @ 8:44am

    Re: Ah the modern age

    Ironic how you're responding via the internet.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Casper, Mar 22nd, 2007 @ 9:09am

    Re: Re: Re: Ah the modern age

    I'm not disputing that some people may find it appealing, nor do I think people should tell them how to live. I, however, do not see it as a good example of a functional society. It is isolationism. Everything in the society was geared to limit the influence of the outside world. Much like cult designs, they inhibit their children's ability to ever successfully leave the collective due to a lack of fundamental training and socializations required for the greater of society. I'm not saying their are bad or evil, but I am saying that you do not understand the full culture enough to draw a comparison. To refer to it as a scheme that might apply to a larger scale is absurd. The reason they can function with a level of freedom such as they are afforded is due to the fact they sit in the middle of one of the most technologically powerful nations on the planet. They don't have to worry about the negatives that come with truly being isolated.

    People are free to live their lives as they see fit, but you can not take a superficial glance at a society and make a call of which way is better. You have to weigh the pros and cons for yourself. I happen to have lived around, and know, groups (not Amish, but isolationistic) and families that function in similar manors and have talked to the children. Many times it is not the fact that they don't want to leave or that they recoil from mainstream society, but rather that there isn't a way to get out. Each generation is not only ingrained with a narrow teaching from the previous, but they are also hobbled in their ability to assimilate into any society other then the one they are born into.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    TheDock22, Mar 22nd, 2007 @ 9:25am

    Re:

    So explain this one to me...

    Why does the government pay a wheat farms close to $1 million dollars NOT TO PLANT ANYTHING ON THE FARM because there is too much wheat being grown at the time?

    Why is it my Aunt who is a farmer just built a $300,000 dollar home and toured Europe this year, even though she claims it was a bad year and had to apply for government assistance?

    How come not a single farm in Montana has closed due to lack of money, but they all apply for governmental assistance? Other states might be different, but Montana farmers have a good scam going.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Missing, Mar 22nd, 2007 @ 9:48am

    Farming?

    hmmm, perhaps its time to rethink farmlife...
    go hunting and fishing all year and fill out a little paperwork...
    I could do that!!

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Beck, Mar 22nd, 2007 @ 10:02am

    Back on Topic

    Sorry to get back on topic, but I was wondering why they bought gift cards and then used the gift cards to purchase merchandise. Why didn't they just buy the merchandise directly, without the extra step of buying the gift card? Can someone explain the reason for this?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    TheDock22, Mar 22nd, 2007 @ 10:04am

    Re: Back on Topic

    I would assume it's because the gift cards would not automatically look suspicious being bought and also they are like cash, so it could be more difficult to track.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Mar 22nd, 2007 @ 10:30am

    Re: Re: Back on Topic

    Anything else bought would have a serial number that would be trackable. WalMart cards bring !00% on the dollar when sold since they can be used for food and gasoline. As to the genius who said that can get a credit report every 4 months, the reality is once a year from each of three bureaus. But not many transactions hit all three bureaus. Also takes months to get there.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Wizard Prang, Mar 22nd, 2007 @ 10:42am

    New Term

    "Credit Laundering"

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    TheDock22, Mar 22nd, 2007 @ 10:46am

    Re: Re: Re: Back on Topic

    Yea, once a year from from each credit Bureau. Obviously someone flunked math class: 12 months (1 year in other words) divided by 4 (every four months) is 3 (which there are 3 credit bureaus). After you get a credit report from the last company, four months later you will be upon your 1 year for the first company. So, yes, every four months you can get a free credit report from one of the 3 companies.

    And where all credit places do not report to that same company (so you will not have all the credit cards listed), all three companies will have a listing of every mailing address you (or a thief) have claimed to live at. If there is more than 1 address that you do not recognize then chances are your identity has been stolen.

    If you are really worried about your identity though, then buy the reports every month. If you are not worried at all, then check TransUnion at least once a year because they seem to have the most complete history.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Buck, Mar 22nd, 2007 @ 11:16am

    do not need to hold on to detailed credit card inf

    It is my opinion that companies do not need to hold on to detailed credit card information one second after they receive payment. I was shocked that companies have the detailed credit card numbers and expiry dates months after the money has changed hands. The only company that should have that information is the Credit Card Company themselves.

    If there is a charge back, the credit card company would provide the detailed information regarding that transaction only.

    If every company that allows credit cards hold on to all the detail of every transaction, then this very personal information is available at much too many points.

    In fact once the money has changed hands from the Visa for example, the retailer does not need anything more than the date of the transaction, and approval number. Everything else should be transmitted or shipped to the credit card vendor. Much in the same way Cheques are done. You would not imagine that a giant retailer would hang on the details of your personal cheque, with your account numbers, any more that they should hold on to your complete credit card data. Perhaps they might want to hang on to that little slip of paper with my signature, however that does not have the detailed credit card number (it is covered with security asterix) or expire date.

    Again, when and if there is a chargeback, the vendor can deserves the details.

    As the world gets more and more dependant on electronic transactions, security for personal data becomes more and more important.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    wrs, Mar 22nd, 2007 @ 1:58pm

    Re: Re: Re: Ah the modern age

    The word looks German. Since I am from Germany, I'd spell it "Rumspringer". But your approach was quite well. :-)

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    wrs, Mar 22nd, 2007 @ 2:11pm

    Looks like they revamped counterfeiting

    Beck:
    Sorry to get back on topic, but I was wondering why they bought gift cards and then used the gift cards to purchase merchandise. Why didn't they just buy the merchandise directly, without the extra step of buying the gift card? Can someone explain the reason for this?

    Wizard Prang:
    "Credit Laundering". -- Well, sort of. Kind of counterfeiting it is too. Creating gift cards translate money into pseudo-money, but much easier to counterfeit and much harder to track. And if the other end of it is not the one purchasing by the card, the purchaser becomes almost invisible -- and probably inaccessible for any authorities.

    Especially (and that one is for you, Beck), since gift cards can be traded -- which obfuscates the trace completely. And everyone maybe catched can claim, they just bought the card from some random passer-by.

    Looks like far less risk but plain counterfeiting.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Sand, Mar 29th, 2007 @ 4:11pm

    TJMAX credit card scam

    Now I know why the Visa charge card fraud dept. called to tell me my account number had been compromised about a month ago! Many times, I had used my Visa debit card in Marshalls and Tj Max at several of their Florida branches. I quickly canceled my card and now when I want a bargain, I will use cash only!

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    kar, Mar 30th, 2007 @ 6:59am

    tjmax credit card scam

    We are a nation of credit. If you dont have the cash, you certainly dont need the product. If we all learned to live within our means, and leave credit cards for emergencies. none of this garbage would be happening..as for tjmax.. your security department is surely lacking...

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Sherryl, Apr 18th, 2007 @ 2:46pm

    Re: Re: Re: Whys?

    It is not just your credit they are after. Credit is only a small part of who you are. "But officer I have never been to Nevada let alone been arrested for prostitution!" exclaimed the 84 year old grandfather. I work within the criminal justice system, you would be amazed what a clever devious person can do with your information.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    AGBEKO, May 13th, 2007 @ 11:38am

    WHANT A CREDIT CARD NUMBERS

    WHANT A CREDIT CARD NUMBERS

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Oct 23rd, 2007 @ 7:12am

    why not put your picture on your credit card

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    johnson ben, Nov 14th, 2007 @ 7:01am

    credit card info

    please display some credit cards details including name on cards, card numbers, card verification codes, expiration dates and address of cardholder and other vital information. thanks

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    maduekwe henry, Apr 5th, 2009 @ 3:47pm

    Re: WHANT A CREDIT CARD NUMBERS

    pls i need a credit card to buy a book on the net,here in nigeria,we do not make use of credit card.pls help i need this book,its worth 200$.thanks and God bless

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    samsong og, Mar 25th, 2010 @ 6:30am

    how will i know the full info of this credit card

    cc# 4271035222415929, cc code 218, 04/2013

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    credit, Sep 14th, 2010 @ 8:39am

    Used for taking larger credit

    Often the thieves will get the information which these used for gift cards, and get a large loan on the victim's name. It happened to my neighbor and he found out because a collection agency received his information after the loan hasn't been paid in some time. The nature of credit is spending what you don't have and it's a disaster when others spend the money you can't even return...

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This