A federal court in Boston has sentenced Albert Gonzalez, the Miami computer hacker behind millions of dollars in credit card theft from national retailers like TJ Maxx, BJs, Barnes & Noble and more, to 20 years in prison for his crimes. [More]
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
We’ve received queries from readers telling us that their Citibank cards have been replaced, and asking whether we’ve heard about any new security breach. Other than Forever 21 we haven’t, so we’re wondering whether they’re responsible for the stories below.
Remember TJX’s gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn’t. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store’s security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.
TJX will be paying as much as 40.9 million in a settlement with Visa and the bank that processes their credit card payments , says the Associated Press.
The funds will be used to help U.S. credit card issuers such as banks recover costs related to the breach, which may have exposed more than 100 million cards to potential fraud, TJX said.
Last Sunday’s 60 minutes had a report by Lesley Stahl about the now-infamous TJX data breach.
When TJX revealed earlier this year that they’d failed to keep safe over 45 million customer credit card accounts, they were hit with both consumer and bank class action lawsuits. Now they’ve submitted a proposed settlement for the consumer class action suit that includes a strange, somewhat insulting offer: a “one-day sale” for victims of the theft. Attorneys general from eight states have filed an objection against the proposal, citing that even if it’s a well-intentioned goodwill gesture, it doesn’t belong as part of any official, legal settlement, which should be designed to benefit the victims rather than the retailer.
The Wall Street Journal is reporting that the most likely scenario for how the hackers stole an estimated 200 million card numbers is as simple as a person with a laptop breaking into the wifi network of a store:
The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.
TJX, the parent company of TJ Maxx and Marshall’s, is facing a class action lawsuit from the 45 million customers whose credit card data they lost; now, bankers associations representing 300 banks in Maine, Connecticut and Massachusetts have decided to file a class action suit of their own. From InfoWorld:
Banks — especially in states like Massachusetts — were also hard hit. Why? Because under current federal law, its banks, not merchants, who have to pay to make customers whole again: forgiving fraudulent purchases on credit and debit cards and, of course, cancelling compromised cards and bank accounts, then issuing new ones to their customers. Needless to say, that’s an expensive process, especially when you’ve got to repeat it 45 million times, as banks across the country will have to do in the wake of TJX. Not surprise, then, that banks aren’t taking this sitting down.
Banks are in the process of notifying consumers, some who did not think they were affected, that they will soon receive new debit and credit cards in the mail. — CAREY GREENBERG-BERGER