As an apology to the millions of consumers who had their credit card info stolen, TJX (that’s T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright) is offering fifteen percent off all purchases in stores today only. We suggest that you pay with cash.
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Wards knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Researchers from Department of Computer Sciences at the University of Texas at Austin say they can reverse Netflix’s anonymous data (which was released in to the public as part of a contest to see if someone could design a better rating system) by comparing it to only a few ratings on IMDb. The result? Specific users can be identified and linked to their (ostensibly) private ratings.
Releasing the data and just removing the names does nothing for privacy,” Shmatikov told SecurityFocus. “If you know their name and a few records, then you can identify that person in the other (private) database.”
The recently reported TJ Maxx security breach—where data on 94 million credit card accounts was stolen in 2003, 2004, and 2006—has ended up costing the company $200 million and counting. But although it’s the biggest example so far of retail data theft, TJ Maxx isn’t the only retailer doing a poor job of keeping sensitive data protected from hackers. One wireless security vendor recently surveyed thousands of stores and discovered that a significant number of retailers don’t practice good wireless security: