Advertising

The Seattle Times Company

NWjobs | NWautos | NWhomes | NWsource | Free Classifieds | seattletimes.com

The Seattle Times

Nation & World


Our network sites seattletimes.com | Advanced

Originally published February 22, 2007 at 12:00 AM | Page modified February 22, 2007 at 12:58 AM

E-mail article     Print view

Retailer's data breach wider than believed

Retail giant TJX, whose stores include discount clothing chains T. J. Maxx and Marshalls, said Wednesday a computer-security breach stretched...

The Washington Post

WASHINGTON — Retail giant TJX, whose stores include discount clothing chains T.J. Maxx and Marshalls, said Wednesday a computer-security breach stretched back 10 months earlier than it had originally thought, compromising credit- and debit-card data, driver's license numbers, and names and addresses.

The announcement underscores a trend of breaches involving sensitive credit-card data and reflects failures to properly secure computer systems, to notify customers when breaches occur and to update laws for the cybercrime age, lawmakers and analysts said.

T.J. Maxx and Marshalls each have seven locations in the Seattle-Tacoma metropolitan area.

TJX said that while it first thought the intrusion took place from May 2006 to January 2007, it now thinks its computer system was also hacked in July 2005 and on "various subsequent dates" in that year.

The company first reported the intrusion in January, a month after it said it discovered the breach.

It has refused to say how many customers may have been affected and how many have been notified.

"We don't have a number for you there. Our work is not finished," spokeswoman Sherry Lang said Wednesday.

More than 50 computer experts are helping investigate the breaches, she said.

Banks that issued the credit cards have not said how much they have had to cover in fraud-related losses.

More than 30 states, including Washington, have laws that require companies to notify customers as soon as possible when a breach has occurred, although most of the statutes allow companies to delay notification while law-enforcement agencies investigate.

A bipartisan group of senators had reintroduced legislation that would mandate customer notification and require companies that maintain personal information to establish internal policies to protect it.

"Americans live in a world where their most sensitive personal information can be accessed and sold to the highest bidder, with just a few keystrokes on a computer, yet our privacy laws haven't kept pace," Sen. Patrick Leahy, D-Vt., said in a written statement when the legislation was reintroduced this month.

advertising

The credit-card industry has set up rules for data protection called the Payment Card Industry Data Security Standard.

They include encrypting transmission of cardholder data, regularly testing security systems and processes, and restricting access to data to those with a "need to know."

But most large retailers have not complied with the standard, and noncompliance is about 80 percent among smaller retailers, said Avivah Litan, an analyst with Gartner, an information-technology research firm.

Copyright © The Seattle Times Company

UPDATE - 03:28 AM
Sources: Obama near decision on Afghanistan troops

UPDATE - 03:29 AM
Bill Clinton meets with Senate Dems on health care

FBI reassessing past look at Fort Hood suspect

D.C. sniper mastermind set to be executed Tuesday

Case against Ohio bodies suspect expands overseas

Advertising

Video

Ken Auletta talks about "Googled"
Ken Auletta talks about Google with Brier Dudley at the Seattle Central Library.

Medal of Honor
Pelosi answers questions at Swedish Medical Center
Pelosi speaks at Swedish Medical Center
"Pistol" Pete Ryan
Mourners gather at KeyArena for slain officer's memorial
Procession for slain SPD officer
Election Night: Approve R-71
Election Night: Reject R-71
Election Night: Joe Mallahan

Marketplace

nwautos

2009's most fuel-efficient sedansnew
Choosing a new sedan? Weigh the impact of your choice on your wallet and on the planet.
Post a comment

Open Houses

Find this weekend's open house listings.
Or search by location:

 
Most read
Most commented
Most e-mailed
 
 
Advertising