Eleven Charged In Massive TJX Data Loss... But Many Are Still Overseas

from the this-is-hardly-over dept

We've had numerous posts about the massive (some say the largest ever) data breach by TJX, parent company of retailers like TJ Maxx and Marshalls. So, it's certainly worth mentioning the story making headlines that the "culprits" of the breach have been charged in the case, but it shouldn't exactly put your mind at ease about these breaches. After all, the credit card info they accessed (over 40 million cards by most accounts) is still out there, though many card holders have already changed their numbers. But, more importantly, it sounds as though most of those responsible aren't in the US at all and are basically sitting free in Eastern Europe and Asia. Hell, one of those "charged" is only known by his online username, with no indication where he might be located. So, yes, it's good that the feds tracked down some of the folks responsible, but most of them are probably still out there getting access to the credit cards your provider sent you to replace the ones compromised by these guys in the first place.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Web Search, Aug 6th, 2008 @ 3:14am

    credit card

    Credit card use has been apparently been going down in the United States because of Severe debt incurred by obsessive users. Who knows maybe some of these debts have occurred because of some of these frauds.
    A better system needs to be implemented that will prevent massive frauds of this kind. The paypal system should be the proper format for this type of system. This might be combined with some bio information like a finger print. It is a great opportunity for a new security business

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Shohat, Aug 6th, 2008 @ 3:39am

    Retailers usually take the hit

    At the end of the day, Credit Card fraud usually results in merchants being hit with chargebacks. Merchants pay the price of processing and lost goods.

    Any credit card user that actually follows the transactions, is highly unlikely to suffer any consequences due to CC fraud.
    999/1000 it's the merchants that take the hit.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    McCrea, Aug 6th, 2008 @ 3:40am

    I didn't realize so many businesses were using wireless networks. That surprises me, but not the results.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    McCrea, Aug 6th, 2008 @ 3:43am

    Re: Retailers usually take the hit

    Customers pay the cost in business.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    TJ EX, Aug 6th, 2008 @ 4:24am

    How'd It Happen?

    The security of the network was clearly the responsibility of the IT management. The people in charge should now be counter clerks at Burger King. Is this too harsh? No. Who else would have taken responsibility for the computing infrastructure.

    Think of the breach like this - what would the reaction be if the architectural firm that designs the stores didn't include locks for the doors? Do you think there would be hell to pay from the corporate management?

    In cities all over the US war driving is practiced everyday by young geeks. I've even tried it myself, and I'm 55!. Turn on the laptop, fire up Netstumbler and see who's left their network wide open. Is it so hard to understand how serious leaving an unsecured network open is?

    TJX should pay every last penny for this breach, as should ANY business that allows this to happen.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 6th, 2008 @ 5:49am

    The security of the network was clearly the responsibility of the IT management. The people in charge should now be counter clerks at Burger King.

    That's a bad idea. I already have enough trouble getting my order correct by the current staff.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Formerly anon cow, Aug 6th, 2008 @ 7:00am

    Re: How'd It Happen?

    The security of the network was clearly the responsibility of the IT management.

    What IT management? Have you ever seen a tech at any of these stores? Maybe that was the problem. There was NO IT telling these people that wireless is NOT secure. Just someone who got contracted to put up what the customer wants how they want it.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Overcast, Aug 6th, 2008 @ 7:47am

    Mixing Money and Computers - particularly ones tied to the internet - has always been and will always be a bad idea.

    My main bank account - without a debit card, is as close to inaccessible as it can get. It's easy to just stop at the bank, make a withdrawal and use a pre-paid card for online purchases. I'm not really paranoid at all, just think it's silly to trust computers too much.

    If the hacker has my credit card number - he'll have to add money to it first, before he can use it :)

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Kilroy, Aug 6th, 2008 @ 8:15am

    Re:

    I like the way you think. And although someone else said that the business pay the price of cc fraud in a separate post above. I disagree! We all pay the price because the business passes along the price of those losses to the customer in how the retail/wholesale markup or service fee prices are calculated.

    The more we can do to prevent these types of crime ... the better off we ALL are in the long run. And in some cases that might mean saying I will not use your wireless Interact machine because I don't know how secure your network is.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    James, Aug 6th, 2008 @ 8:21am

    Debit Cards

    This is why debit cards are EVIL and should NEVER EVER be used as credit cards.

    If someone manages to steal your REAL credit card number the liability to the individual is minimal or nill, but if they get your debit card number (even if your bank reimburses you) it could still be a huge PITA.

    That aside, credit card companies are aware of this kind of fraud but promote cc use so heavily because even w/some fraud and loss they make so much in interest and fees it more than covers it.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Abdul, Aug 6th, 2008 @ 11:37am

    Re: Retailers usually take the hit

    What should be done now to the victims of these credit card fraud? I think they deserve to be compensated!! How many of suh fraud are presently going unnoticed remains to be seen. It simply means we are not too ready to combat the growing threat of cyber crime: Unprepared to Fight Worldwide Cyber Crime(http://www.internetevolution.com/author.asp?section_id=593&doc_id=147027&F_src=flftwo)

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Aug 7th, 2008 @ 7:33am

    Re: Retailers usually take the hit

    Good, in this case at least it is the merchants who were at fault. They asked to be trusted with customer information and they did live up to thier (moral) obligation to protect that information.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Benjamin Wright, Aug 7th, 2008 @ 8:59pm

    over-reaction

    Careful reading of the indictments show that the media, card issuers and Federal Trade Commission over-reacted to the TJX incident. TJX was not as bad as we were led to believe. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Me, Aug 8th, 2008 @ 5:40am

    Re: Debit Cards

    Your conclusion doesn't follow. Our Mastercard-networked debit card numbers were compromised in one of these scams. Bank security called to ask us if we were really buying racks of computer hardware from Singapore, to be shipped to Singapore. No, can't say that we were... The bank replaced the cards and we never saw the charges. According to U.S. federal law, the maximum liability you face in the event of debit card theft is $50, provided you report the theft within 2 days of learning of it. I don't feel that's too much for the banks and credit unions to ask. The liability is staggered - within 3 to 60 days of a bank statement reflecting the problem, you're liable for up to $500. After that, the bank figures you meant to spend the money. After two bank statements that reflected the thefts, I'd say you've been informed... Here's the info, spelled out more formally: http://www.federalreserve.gov/pubs/consumerhdbk/electronic.htm or http://tinyurl.com/5lrkbu . And that's just federal law. Mastercard and Visa are free to cover some or all of that consumer liability. They do expand on it. If you use your debit card over Mastercard's credit network (i.e., signing instead of using the PIN), you're generally not liable for unauthorized transactions, be they in person, by phone, or online. They've got some weasel wording in there, but it's not too bad. http://www.mastercard.com/us/personal/en/cardholderservices/zeroliability.html or http://tinyurl.com/2l5v3m I should point out that these conditions apply whether your Mastercard is a credit card or a networked debit card. So either way, there's the same potential aggravation in the event of theft or fraud. I've lived off debit cards for several years, now. I've rented cars, made hotel reservations, and flown nationally and internationally. I've used them in and out of country. Thus far, no worries. I'm not a Pollyanna. ID theft is real, and as you said, a huge PITA. But credit card fraud is just as much of a pain to sort out as debit card fraud. The only difference in the law's eyes is that you have to actually pay attention to your bank statements, to minimize debit card liability. I just don't think that's too much to ask.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This