BreachExchange mailing list archives

Re: TJX breach involved 45.7m cards, company reports


From: "DAIL, ANDY" <ADAIL () sunocoinc com>
Date: Thu, 29 Mar 2007 09:43:03 -0400


At $30 per card, that's close to $1.3B just in re-issuance costs, in
addition to any fines or lawsuits.  They'll never be able to account for
the cost of lost business.

I'd wager a comprehensive PCI-DSS program looks like a bargain, in
hindsight.


-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of B.K. DeLong
Sent: Wednesday, March 28, 2007 9:13 PM
To: lyger
Cc: dataloss () attrition org
Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports


Finally. Glad we finally know.

On 3/28/07, lyger <lyger () attrition org> wrote:

(Keep in mind that these are credit card NUMBERS, and not PEOPLE...
people often have more than one card.  Attrition's Dataloss Database
(DLDOS) will be updated accordingly)

http://www.boston.com/business/ticker/2007/03/tjx_breach_invo.html

At least 45.7 million credit and debit card numbers were stolen by
hackers who broke into the computer systems at the TJX Cos. in
Framingham and the United Kingdom and siphoned off data over a period
of several years, making it the biggest breach of personal data ever
reported, according to security specialists.

TJX, the Framingham discounter that operates the T.J. Maxx and
Marshalls clothing chains, also reported in a regulatory filing
yesterday that another 455,000 customers who returned merchandise
without receipts had their personal data stolen, including drivers'
license numbers. "It's the biggest card heist ever," said Avivah
Litan, vice president of Gartner Inc. "This was obviously done over a
long period of time, in many locations. It's done considerable
damage."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss Tracking more than 158 million
compromised records in 609 incidents over 7 years.



--
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents over 7 years.

