Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.
Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.
For me this has serious integrity implications.
The TJX Companies, a large retailer that operates more than 2,000 retail stores under brands such as Bob’s Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright, said on Wednesday that it suffered a massive computer breach on a portion of its network that handles credit card, debit card, check and merchandise transactions in the United States and abroad.
The company does not know the extent of the breach, which was first discovered in December 2006. However, hackers may have made off with credit and debit information from transactions in the United States, Canada and Puerto Rico in 2003 as well as transactions between May and December 2006, according to a company statement.
Hopefully the retailer and the credit card companies will bear the brunt of the hack attack and not pass the costs onto the customers.
I really believe customers shouldn’t be penalized for sloppy company security.
The TJX breach recalls other recent hacks, including BJ’s wholesale club and another, reportedly at OfficeMax in 2005. Those breaches, as well as incidents like the hacking of card processor Card Systems, prompted the payment card industry to issue new rules, dubbed the PCI, about how sensitive data is stored and transmitted on internal systems.
However, Spitzer of the MBA said that banks still bore the brunt of security breaches at retailers because they have to pay to reissue cards to customers and absorb the financial losses from unauthorized account withdrawals. Small banks and credit unions often have trouble absorbing those costs, though they are not at fault in the breach itself, Spitzer said.
We’ll have to wait and see I guess.
Source: CSO Online
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool
- Indian Credit Card Fraud Exposed – Linked to Symantec
- Target CIO Beth Jacob Resigns After Huge Breach
- TJX Credit Card Hackers Busted – Largest US Data Breach
Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,137,377 views
- Hack Tools/Exploits - 581,246 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 414,201 views