Advertisers
Free Chat Rooms   UK Chat Rooms   Chat Community   Chat   
Free Chat Rooms   Punk Rock T-Shirts   Free Chat   Live Chat   Concert Bands T Shirts   Chat Rooms   Fitness News   Band T Shirts   
Free Web Directory | Directory Submission Service | Buy Text Links | Theaters and Showtimes | News Archive |
Suggest a Site | Check Status

Shoppers Alert: Did Hackers Steal Your Credit Info?

Current Headlines

Shoppers Alert: Did Hackers Steal Your Credit Info?

Mar 30, 02:17 PM

Current Headlines: By KEVIN G. DeMARRAIS, STAFF WRITER

Check those credit card bills closely.

North Jersey shoppers are among millions who got that warning Thursday after TJX Cos., the owner of T.J. Maxx and Marshalls discount stores, said that computer hackers stole at least 45.7 million credit card numbers, the biggest theft of such data.

About 75 percent of the debit and credit cards had either expired at the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes, the company said.

TJX disclosed the breach in January, but it wasn't until late Wednesday, in a regulatory filing, that the company put a number on how much card data were compromised and it's a number that TJX acknowledges could go still higher.

Experts say TJX's disclosures revealed security holes that persist at many firms entrusted with consumer data: failure to promptly delete data on customer transactions, and to guard secrets about how such data are protected.

"It's not clear when information was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was," said Deepak Taneja, chief executive of Aveksa, a Waltham, Mass.-based firm that advises companies on information security.

Security breaches have become more common in recent years, including theft of a laptop containing personal information on 26.5 million veterans, stolen last June from a Veterans Affairs employee.

The big difference is that the VA thief was apparently after the computer, not the data, and when the computer was discovered there was no apparent attempt to use the information. Many other high- profile security breaches resulted in personal data being vulnerable, but there have been few instances in which thieves cashed in.

With the TJX security breach, however, the hackers were apparently going after the data, although the company said it doesn't know if any of the credit card numbers or personal information were used by the thieves.

Even so, consumers need to be alert, said Phyllis Salowe-Kaye, executive director of New Jersey Citizen Action. "This points to the need to scrutinize your bills every single month."

Salowe-Kaye said she learned of the TJX problem when her bank sent her a new debit card for her checking account this month.

"We couldn't understand why we got a new card," she said. The bank said it was a safety precaution because she had recently used the card at one of the TJX stores.

TJX also said personal data on 455,000 people including numbers for drivers' licenses and military identification cards was stolen. The U.S. Secret Service and TJX are trying to determine who the hackers were.

To cut down on identity theft, New Jersey passed a law in 2005 giving consumers some of the strongest protections in the nation.

The law, which took effect 15 months ago, can't prevent security breaches such as hackers breaking into computers. But it requires companies that maintain computer databases of personal information to act quickly and publicly in case of a problem.

The law prohibits the use of Social Security numbers as identification numbers, except as needed for financial dealings. It also forces businesses, colleges, unions, insurance companies, police departments and other public agencies to purge files and shred documents.

"The fact that New Jersey has a strong law is great, but it all comes down to consumer monitoring," Salowe-Kaye said. "Our concern is that everyone is not vigilant, especially people who are not financially educated."

Besides T.J. Maxx and Marshalls, TJX operates stores under the names HomeGoods, A.J. Wright and Bob's Stores. The company has 100 stores in New Jersey, including 16 in North Jersey.

The data theft set a record for the quantity of credit-card numbers stolen, said Avivah Litan, an analyst with Gartner Inc., a consulting firm that specializes in technology issues.

The computers were first hacked in July 2005, then from mid-May 2006 to mid-January 2007, the company said. The stolen data related to sales at TJX stores that took place in 2003 and 2004.

TJX had collected driver's license and other personal data from customers who returned merchandise without a receipt. TJX said it is notifying affected people by letter.

Previously, the largest theft of such data occurred in 2005 when 40 million credit cards were accessed at CardSystems Solutions Inc., a payment processor, Litan said.

TJX said it faces lawsuits related to the breach in state and federal courts in Alabama, California, Massachusetts, Puerto Rico and in provincial courts in six Canadian provinces.

***

(SIDEBARS, PAGE A10)

How businesses can protect themselves

* The Fair Credit Reporting Act requires a business to provide identity-theft victims, at no charge, a copy of the business- transaction records relating to the incident within 30 days of the victim's request.

* Businesses must also provide these records to any law- enforcement agency that the victim authorizes.

* Call the local police department immediately when it is discovered that personal information has been compromised and could result in harm to a person or business. If the local police are not familiar with investigating information compromises, contact the local office of the FBI or the U.S. Secret Service.

* For incidents involving mail theft, contact the U.S. Postal Inspection Service.

* If account-access information such as credit-card or bank- account numbers have been stolen from you, but you do not maintain the accounts, notify the institution that does, so that it can monitor the accounts.

* If you collect or store personal information on behalf of other businesses, notify them of any information compromise.

* If the compromise involves a large group of people, advise the credit bureaus if you are recommending that people request fraud alerts for their files.

Kevin G. DeMarrais

***

For those who suspect identity theft

* Notify your local police and get a copy of the police report. It can be a big help in settling later claims.

* Contact any one of the national credit agencies: Equifax (800- 525-6285, equifax.com), Experian (888-397-3742, experian.com) or TransUnion (800-680-7289, transunion.com) and place a fraud alert on your credit reports.

* Monitor your credit report and credit card statements. Report questionable activity to the card issuer. Keep in mind that fraudulent activity may not show up right away.

* Contact government agencies to cancel and replace any stolen driver's licenses or other identification documents, and to "flag" your file.

* Watch for telltale signs: late or missing bills, receiving credit cards you didn't apply for, being denied credit or offered less-favorable terms for no apparent reason, being contacted by debt collectors for purchases you didn't make.

Kevin G. DeMarrais

***

This article contains material from Bloomberg News and The Associated Press. E-mail: demarrais@northjersey.com

(c) 2007 Record, The; Bergen County, N.J.. Provided by ProQuest Information and Learning. All rights Reserved.

Shoppers Alert: Did Hackers Steal Your Credit Info?
Back to Current Headlines
Repair Credit   Gate Operator   Harley Davidson Accessories   Wedding DJ Massachusetts