BreachExchange mailing list archives

TJX breach involved 45.7m cards, company reports


From: lyger <lyger () attrition org>
Date: Thu, 29 Mar 2007 16:50:18 +0000 (UTC)


(forwarded for snippage purposes)

From: adrian.sanabria () gmail com
To: B.K. DeLong <bkdelong () pobox com>, "DAIL, ANDY" <ADAIL () sunocoinc com>
Cc: dataloss () attrition org
Date: Thu, 29 Mar 2007 16:04:13 +0000
Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports

Consider though, that they're saying 75 percent of the data was masked
or expired. In my opinion, if someone steals the CCN of the Capital One
card I had back in the 90s, it shouldn't be counted in the official
compromise numbers.

Sent via BlackBerry from Cingular Wireless

-----Original Message-----
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 29 Mar 2007 11:32:38
To: "DAIL, ANDY" <ADAIL () sunocoinc com>
Cc: dataloss () attrition org
Subject: Re: [Dataloss] TJX breach involved 45.7m cards, company reports

Don't forget there's probably a PCI fine as well as the possibility of
loss of processing rights. Though, that would kill TJX (not that
they're not hurting already).

On 3/29/07, DAIL, ANDY <ADAIL () sunocoinc com> wrote:

At $30 per card, that's close to $1.3B just in re-issuance costs, in
addition to any fines or lawsuits.  They'll never be able to account for
the cost of lost business.

I'd wager a comprehensive PCI-DSS program looks like a bargain, in
hindsight.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents over 7 years.

