CSO has produced an interactive U.S. map that shows what’s required of companies that suffer a data breach in the 38 states that care enough about consumer rights to have passed disclosure laws. Most are modeled after California’s strict SB1386 anti-ID theft law, but now you can tell at a glance what your state is doing about the issue—and in most cases you can click on the icon in the pop-up info box to see a copy of the actual law.
Look, Wisconsin. We weren’t kidding around last time. We really did mean it when we said that it wasn’t cool to print people’s Social Security Numbers where anyone can see them. How can people who are smart enough to sell sausage shaped like beer (above) not able to figure out that the SSN is a secret?
If you bought anything from Geeks.com in at least the last year or so, you might want to start paying close attention to your credit card statements—the company sent out an email on Friday telling former customers that they “recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised.” Full email after the jump.
TJX will be paying as much as 40.9 million in a settlement with Visa and the bank that processes their credit card payments , says the Associated Press.
The funds will be used to help U.S. credit card issuers such as banks recover costs related to the breach, which may have exposed more than 100 million cards to potential fraud, TJX said.
Last Sunday’s 60 minutes had a report by Lesley Stahl about the now-infamous TJX data breach.
According to new court papers, Visa and Mastercard are saying that the TJ Maxx security breach actually affected 94 million accounts—more than double the amount that TJ Maxx reported.
Mouseprint.org has read the fine print and they say you’re probably out of luck when it comes to the TJ Maxx Settlement:
So, it is primarily shoppers who returned goods without a receipt during the relevant period who qualify for that part of the settlement. That amounts to some 455,000 people, a mere 1% of the total number possibly affected. These people have already received a direct notification of the breach from TJX, and will also be entitled to other compensation if they experienced actual losses.
Ameritrade has known about the problem at least since late May when two of its customers sued the brokerage in federal court because they were receiving unwanted e-mail ads on accounts used only for Ameritrade.
The report claims that it has “no recommendations,” but the language of the report suggests otherwise. Consumer advocates are taking issue with the GAO’s “not-a-recommendation” of a risk-assessment plan, in part because they believe that every consumer who has been the victim of a data breach should know about it, and also because the connection between data breaches and ID theft is difficult to assess, thus making it somewhat unbelievable that an accurate and useful risk-assessment program could be created.
Fidelity National Information Services, a financial processing company, announced today that one of its employees had stolen 2.3 million customer records containing credit card, bank account and other personal information, and sold that information to an unidentified “data broker” who then sold the information to various direct marketing companies.