http://consumerist.com/2009/02/24/an-employee-of-starbucks-has/

An employee of Starbucks has filed a class action lawsuit against the company for failing to properly secure employee data. The employee was one of one of 97,000 notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen. [NetworkWorld via Starbucks Gossip]

Sorry About That Data Breach, Here's 15% Off!

Sorry About That Data Breach, Here's 15% Off!

As an apology to the millions of consumers who had their credit card info stolen, TJX (that’s T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright) is offering fifteen percent off all purchases in stores today only. We suggest that you pay with cash.

Credit And Debit Card Breach May Affect Over 100 Million

Credit And Debit Card Breach May Affect Over 100 Million

The Washington Post has reported that Heartland Payment Systems, a payment processor that services “more than 250,000 businesses,” has had more than 100 million transactions compromised via malicious software that was installed on its network; it will likely turn out to be the largest data breach ever reported. The “good” news is that the criminals were only capturing credit card numbers, the names on the cards, and expiration dates—the info encoded onto the magnetic strip on the card. Because no addresses, SSNs or PINs were stolen, the prospect of full-blown identity theft is pretty small—which must explain why Heartland isn’t offering any sort of credit monitoring package as compensation. Instead, their CFO says, “We recognize and feel badly about the inconvenience this is going to cause consumers.”

Aflac Accidentally Introduces 624 Strangers To Each Other Via Mass Email

Aflac Accidentally Introduces 624 Strangers To Each Other Via Mass Email

We’d hoped that Activision’s blunder would be the last one, but it turns out the HR department at Aflac can’t find the BCC field either. Reader Corey writes in to let us know he just received an email addressed to him and 623 other people who were interested in jobs with the insurance company. Our guess is some of the recipients won’t be so interested in a career with a company that doesn’t care about the privacy of its employees. After the jump, a quick guide to obscuring other recipients’ email addresses so this doesn’t happen again.

Former Countrywide Employee Arrested For Stealing, Selling Customer Identities

Former Countrywide Employee Arrested For Stealing, Selling Customer Identities

The FBI has announced that a former Countrywide employee and his accomplice were arrested on charges related to “illegal access of computers containing personal information,” and “illegal sale of the data.” A criminal complaint filed last Friday alleges that one of the men, Rene L. Rebollo Jr., a senior financial analyst for Countrywide Home Loan’s subprime mortgage division (who was let go in July), had been harvesting data from Countrywide’s computers for the past two years — downloading and storing the information on personal flash drives.

Curves Leaves Working Computer Full Of Personal Information In An Office Dumpster

Curves Leaves Working Computer Full Of Personal Information In An Office Dumpster

UPDATE: Adam has been in contact with the owners and has posted an update on his site.

Wells Fargo Allows Your Data To Be Breached – Twice

Reader Bryan’s Wells Fargo credit/debit card stopped working unexpectedly one day while he was trying to gas up his car. He was confused because he had used the card the night before with no problems. He spoke to a Wells Fargo CSR at a local branch and discovered that the data for 125,000 cards, including his, was “compromised” thus deactivating his card. This had already happened to him once before within the last year and he was not pleased. His letter, inside…

LendingTree Data Breach: Former Employees Were Sharing Passwords With Unapproved Lenders

LendingTree Data Breach: Former Employees Were Sharing Passwords With Unapproved Lenders

LendingTree announced today that several former employees are suspected of sharing passwords with lenders that were not approved by LendingTree, and that this may have exposed customer data including: name, address, e-mail address, phone number, Social Security number, income and employment information.

Don't Want A Debit Card? Key Bank Will Charge You $1 A Month

Don't Want A Debit Card? Key Bank Will Charge You $1 A Month

After hearing about Hannaford’s giant customer data breach yesterday, Brian decided to cancel the debit card he’d used there. That’s when he found out that Key Bank really wants you to have a debit card. In fact, they’ll charge you a small monthly fee to not have one linked to your “free checking” account. We figure that this means Key Bank makes about $12 a year more off of customers who have linked debit cards—and that if you want greater security on your account, it’s going to cost you.

CSO Maps State-By-State Data Breach Disclosure Laws

CSO Maps State-By-State Data Breach Disclosure Laws

CSO has produced an interactive U.S. map that shows what’s required of companies that suffer a data breach in the 38 states that care enough about consumer rights to have passed disclosure laws. Most are modeled after California’s strict SB1386 anti-ID theft law, but now you can tell at a glance what your state is doing about the issue—and in most cases you can click on the icon in the pop-up info box to see a copy of the actual law.

Social Security Numbers Visible On Envelopes Mailed By Wisconsin… AGAIN

Social Security Numbers Visible On Envelopes Mailed By Wisconsin… AGAIN

Look, Wisconsin. We weren’t kidding around last time. We really did mean it when we said that it wasn’t cool to print people’s Social Security Numbers where anyone can see them. How can people who are smart enough to sell sausage shaped like beer (above) not able to figure out that the SSN is a secret?

Geeks.com Website Hacked, Customer Data Stolen

Geeks.com Website Hacked, Customer Data Stolen

If you bought anything from Geeks.com in at least the last year or so, you might want to start paying close attention to your credit card statements—the company sent out an email on Friday telling former customers that they “recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised.” Full email after the jump.

TJX To Pay Up To 40.9 Million For Data Breach

TJX To Pay Up To 40.9 Million For Data Breach

TJX will be paying as much as 40.9 million in a settlement with Visa and the bank that processes their credit card payments , says the Associated Press.

The funds will be used to help U.S. credit card issuers such as banks recover costs related to the breach, which may have exposed more than 100 million cards to potential fraud, TJX said.

National Retail Federation: Credit Card Companies Don't Care About Data Security

National Retail Federation: Credit Card Companies Don't Care About Data Security

Last Sunday’s 60 minutes had a report by Lesley Stahl about the now-infamous TJX data breach.

Credit Card Companies Say TJ Maxx Breach Affected 94 Million Accounts

Credit Card Companies Say TJ Maxx Breach Affected 94 Million Accounts

According to new court papers, Visa and Mastercard are saying that the TJ Maxx security breach actually affected 94 million accounts—more than double the amount that TJ Maxx reported.

Guess Who's Not Getting Anything From The TJ Maxx Settlement? You!

Guess Who's Not Getting Anything From The TJ Maxx Settlement? You!

Mouseprint.org has read the fine print and they say you’re probably out of luck when it comes to the TJ Maxx Settlement:

So, it is primarily shoppers who returned goods without a receipt during the relevant period who qualify for that part of the settlement. That amounts to some 455,000 people, a mere 1% of the total number possibly affected. These people have already received a direct notification of the breach from TJX, and will also be entitled to other compensation if they experienced actual losses.

TD Ameritrade Knew About Data Breach Since May

TD Ameritrade Knew About Data Breach Since May

Ameritrade has known about the problem at least since late May when two of its customers sued the brokerage in federal court because they were receiving unwanted e-mail ads on accounts used only for Ameritrade.

Should Consumers Be Notified Of Every Data Breach?

Should Consumers Be Notified Of Every Data Breach?

The report claims that it has “no recommendations,” but the language of the report suggests otherwise. Consumer advocates are taking issue with the GAO’s “not-a-recommendation” of a risk-assessment plan, in part because they believe that every consumer who has been the victim of a data breach should know about it, and also because the connection between data breaches and ID theft is difficult to assess, thus making it somewhat unbelievable that an accurate and useful risk-assessment program could be created.