45.7 Million Credit Cards Stolen In TJMaxx Breaches

45.7 million credit cards were stolen in recently disclosed security breaches at TJMaxx, regulatory filings revealed yesterday.

…Making it the largest robbery in the history of man.

It’s time to start pressuring merchants to stop endlessly archiving our banking data. Why do they get to keep a copy of our credit cards forever? — BEN POPKEN

TJX breach involved 45.7m cards, company reports [Boston.com] (Thanks to KevinQ!)
(Photo: Sonny-)

Comments

Edit Your Comment

  1. OnceWasCool says:

    Good Lord, what is that santa doll doing to the other doll in that picture??? Doggie style?

  2. gorckat says:

    Why do they get to keep a copy of our credit cards forever?

    In a few rare cases, being able to look a purchase up by credit card number actually benefits a customer (usually warranty type stuff where the original receipt is lost- at CompUSA I’d be able to find stuff several years old in the boxes we had in on-site storage and help a customer avoid paying hundreds of dollars for a repair).

    In most cases, though…it does make no sense.

  3. thrillhouse says:

    Why do they get to keep a copy of our credit cards forever?

    ,


    I have no idea, but that image is awesome

  4. ahwannabe says:

    In the immortal words of King of the Hill’s Dale Gribble, “PAY CASH! DON’T LEAVE A PAPER TRAIL.”

  5. j.a.s.o.n says:

    “Why do they get to keep a copy of our credit cards forever?”

    For data mining and customer profiling.

  6. Franklin Comes Alive! says:

    Why do they get to keep a copy of our credit cards forever?

    Because they can? There’s no real penalties for crap like this? etc, etc, etc

  7. Trai_Dep says:

    We need a Federal law that requires the total credit profiles, including social security numbers, of the top twenty executives of any corporation that leaks out significant personal data must be published publicly. In a manner convenient for instant transmission to global ID theft rings.

    For a two-year period following their losing our data, they’re blocked from having lackeys clean up the mess. And no credit freezes or preventive measures.

    Two weeks after this bill is passed, we’ll have the most secure system in the world.

  8. LatherRinseRepeat says:

    I think lots of companies are retaining your credit card info, among other things. If you go to a retailer that uses those digital signature pads, they’re also capturing your signature with your credit card number. They tell you it’s for fraud prevention. That may be partially true, but who knows what else they could be doing with it. And who else they’re sharing your info with.

    I have to agree.. pay cash.

  9. MeanMachine says:

    #### me Santa! ##### me Santa! ##### me Santa!

  10. Uurp says:

    If I had cash I would use it.

  11. Juliekins says:

    If anyone is interested in reading it, here’s the Payment Card Industry Data Security Standard. Companies do not have to retain the entire PAN (Primary Account Number) and may opt not to due to the risk of what would happen if their security measures were breached. They are, however, perfectly within their rights to do so provided information associated with the PAN (the stuff you need to make it useful like cardholder name, expiration date, CVV) are properly secured.

    It boggles my mind that a company as big as TJX allowed this to happen. This stuff is not rocket science and it’s not hard to get help if a company doesn’t want to set up the infrastructure on their own. They’re called “consultants,” TJX. You should have hired some.

  12. kerry says:

    @MeanMachine: My thoughts exactly.

  13. mac-phisto says:

    @LatherRinseRepeat: there is only one purpose for those signature/PIN pads – reduced paperwork. the only reason a merchant needs to retain your signature is in the case of a chargeback. by creating an electronic file with all the necessary information to prove the transaction is valid, they no longer need to retain years of physical paper slips & then spend dozens of workhours trying to find them.

  14. j.a.s.o.n says:

    @FitJulie: “It boggles my mind that a company as big as TJX allowed this to happen. This stuff is not rocket science and it’s not hard to get help if a company doesn’t want to set up the infrastructure on their own. They’re called “consultants,” TJX. You should have hired some.”

    They did. They retained the services of Fifth Third bank for ensuring that TJ Maxx met data security standards.

  15. mac-phisto says:

    @j.a.s.o.n: i’ve been spending the last half hour trying to find that. everyone’s blaming tjx (& rightfully so), but fifth-third is getting a free pass here.

  16. j.a.s.o.n says:

    @mac-phisto: I Googled for “fifth third bank tj maxx” and found some news about it.

  17. LAGirl says:

    @oncewascool:

    Bad Santa. Bad!!

  18. John Stracke says:

    <sung> “I saw Mommy bending over for Santa Claus…”

  19. quagmire0 says:

    Can anyone explain to me how long a company needs to keep your credit info on record for? I would think that after a transaction is completed, it should not be necessary for your actual CC number or anything else that’s private to be held onto. The company should only need to keep the transaction number with the credit card company for reference. IMO, identity theft occurs as a result of companies hanging onto your information too long for marketing purposes.

  20. unwritten07 says:

    There should be a law that requires the company to have written consent to keep your credit/checking info for more than a specific period of time after a transaction is complete. I don’t think they would need more than, say, 30 days to make sure that a charge is not going to be reversed.

    That way if you know you’ll want to order from Amazon during the next year or you have a contract with a company you print out a form, sign it and send it in.

    This would put a stop to these “free” trials being auto-billed for months on end while you’re on hold with the company waiting for your chance to beg them to stop.

  21. bighead says:

    This is not the first time this has happened to TJ Maxx. About five years ago I got a call from my bank telling me my card needed to be replaced due to a security breach from TJ Maxx.

  22. SexCpotatoes says:

    I feel so special! I’m one of the lucky 45.7 million, wait, you mean I didn’t win anything? I have to get a new debit card number, when I had the old one memorized and everything? Fuck….

  23. zedsls says:

    Thank you for contacting TJX.

    TJX truly regrets any difficulties our customers may have experienced. Our customers are very important to us, and we very much appreciate their patronage.

    Credit card customers have rights under their cards to protect them from fraudulent transactions and should contact your credit card company if they feel there has been fraud on their account. Addtionally, we are providing customers with information on steps they can take to find out if their own accounts have been compromised.

    TJX is not offering compensation. Because we are engaged in litigation, we cannot comment further at this time.

    We encourage you to visit our Corporate web site at http://www.tjx.com for the most up to date information as it becomes available.

    Sincerely,

    Diane
    TJX Customer Service