From the Richmond Times-Dispatch:
Advance Auto said a computer hacker may have gotten financial information of up to 56,000 customers at 14 stores in Virginia and seven other states. The Roanoke company said the customers shopped at the 14 stores from December 2001 to December 2004.
Why would a company have customer info on file for so long? I found one credit card processor’s FAQ which said that the max for chargebacks is 180 days, which is only in the case of when a merchant has violated merchant rules (otherwise it’s 120). So Advance Auto was about 2375 days overdue for a records wipe. It’s time to start tightening up the lax security standards on the retail level that have created a playground of plunder for identity thieves.
(Thanks to Volksaddict!)