var json_comments = new Array("
\"user-pic\"
NeoteriX
April 28, 2007 8:14 PM
Moderate | Flag for review

We were discussing this in my Consumer Law class a few weeks ago, and the thing is, we live in a world where any computer system is \"hackable\" given enough desire, time, and resources. Add on to this the fac that the last I read, there was evidence that this may have been an \"inside\" job, where someone had critical access to the TJX servers. If this is in fact so, what should the liability be for TJX? I mean, what is the \"reasonable\" amount of computer security a company should impose? Is there really anyway of absolutely safeguarding this stuff?

Reply
","
\"user-pic\"
mac-phisto
April 29, 2007 4:59 AM
Moderate |Flag for review

@NeoteriX: there is an assumption that the security should be there. banking regs place full responsibility on the holder of the information (& rightfully so).

banks have lost a lot of money on this. imagine a bank with a million customers. 1/4 of them shopped at a TJX store. that's 250,000 compromised accounts. card replacement alone on those accounts >$1 million. if 10% of them had lost $1000 in fraud transactions, that's another $25 million. customers also tend to take this out on their bank, as if they could have prevented this - that's lost business & revenue.

if those numbers are too outlandish, think about this. a small town community credit union (3000 members) where a few associates of mine work spent $4000 in card replacement, & had ~$3500 in fraudulent charges that they had to reimburse. it is unknown at this point whether the bond company will honor claims on this event or not.

that's $7500 in unbudgeted expense for a business that typically generates less than $40,000/yr in profit.

Reply
","
\"user-pic\"
econobiker
April 29, 2007 10:22 AM
Moderate |Flag for review

Good. About time they made a company an example. I got my number (actually ex-wife's debit card) hacked and cloned, probably from the 2003 data breach, and used Feb 2006 even though she hadn't used the card for around a year.

Superbowl '06 weekend Saturday some lady (since it was ex-wife's name on card) had a great time in NYC and burnt Banana Republic for about $1600 and cleaned my checking account out whicht also included the debit card purchase test for a $2 coffee in the morning, and meals/drinks all day long ending with Chinese take out early sunday morning. And I got the declined card Sunday afternoon...in TN where I live.

And the AmSouth customer service briefly tried to blame me Monday morning claiming that the card had to be presented for the purchases. I said \"Helloooo- you ever hear of a card clone?\"

Burn in hell TJMaxx...

Reply
","
\"user-pic\"
SadSam
April 29, 2007 1:22 PM
Moderate |Flag for review

My TJMaxx/Citibank story. I went to pay my Citibank bill on-line and found my Citibank account locked down (recently, within the last 2 months). I thought that was weird and called up Citibank and was connected with a lovely woman in India who explained that since I had used my credit card at TJ Maxx at some point in the past they had closed the account. Yes, they had closed the account without providing any notice. Hmmmm, that presented a number of problems, one I had automatic charges going to that credit card and two I needed to pay my bill and since I always pay my bill on-line I did not have enough time to send a bill through the mail. Citibank was oh so helpful and offered to take a payment over the phone (not) and/or offered to waive any late fee if I sent the bill in by mail (not) and offered to send out a new card by next day mail (not, was told it was take 3 weeks to receive new card) and offered to compensate me for any troubles with other vendors since they had closed the account I have auto charges billed to (again not). Bottom line, my husband and I both closed out Citibank credit card accounts and we have vowed never to go back. I can understand the banks moving quickly to cut off the damage done by this breach but they also should have some concern for their customers as they do so.

Reply
","
\"user-pic\"
Sudonum
April 29, 2007 3:50 PM
Moderate |Flag for review

Regarding data breaches. My father-in-law owns a company that sells Point-Of-Sale equipment, primarily to restaurants. He installed a system a couple of years ago in a local restaurant, complete with current firewall and AV software. In the next year someone at the company disabled the firewall, supposedly because it was causing problems with their credit card verification system, a system provided by another vendor.

Their system was hacked and credit card data stolen. They sued my father-in-law for not providing them a secure system. The case right now is still in discovery. My FIL's attorney is having a hard time with this case because there isn't much in the way of precedents. He is following the TJX case very closely.

Reply
","
\"user-pic\"
Trai_Dep
April 29, 2007 4:21 PM
Moderate |Flag for review

It's great that companies are being sued by The Big Guns when they're sloppy with our data. Awesome: playground fight! playground fight!!

Reply
","
\"user-pic\"
shdwsclan
April 30, 2007 4:38 AM
Moderate |Flag for review

Gotta love corporate america. Its not really a hack if the data is not encrypted and people that dont have database security certificates use sensitive databases....but thats what happens when you hire by networking versus actual ability....

Enencrypted backup tapes and paper trails....i tell you what...

Reply
","
\"user-pic\"
OnceWasCool
April 30, 2007 12:50 PM
Moderate |Flag for review

Class action lawsuits only produce MILLIONS for the lawyers and the victims just get a door price.

Reply
","
\"user-pic\"
mac-phisto
April 30, 2007 5:17 PM
Moderate |Flag for review

@oncewascool: yeah, but this is bank class action. you're not going to see the money & the lawyers are probably contracted by some of the bigger banks. bankers always get their money back one way or another & you can guarantee that the interest will be calculated to the thousandth of a penny.

Reply
");