New England Banks to Sue TJX

The Boston Globe reports that a group of New England banks are planning to sue TJX Cos. over TJX's data breach.

Read More...

Data Breaches and Buyer Behavior

Javelin Strategy & Research has a study for purchase entitled "Data Breaches and Buyer Behavior: Moving PCI Compliance from Costly Burden to Competitive Advantage" (link is to the free preview).

Hat tip to Payments News which states:

The study concludes that "77% of consumers intend to stop shopping at merchants that suffer from data breaches. Retailers and merchants are viewed by 63% of consumers as the least secure when protecting consumer’s data, compared with processors (16%), card networks like Visa or MasterCard (5%) and issuers (5%). When little is known about a data breach, half of all consumers automatically consider the merchants where they shop to be at fault. However, 85% will reward merchants who are perceived as security leaders with increased purchases."

Read More...

TJX Companies 10K on Computer Intrusions

This InternetNews story says that TJX Companies, Inc. revealed to the SEC that as many as 47.5 million customer records were stolen during TJX's highly publicized computer intrusion. For those interested, here's TJX's 10-K filing. Pages 7-10 are devoted to a discussion of the computer intrusion and pages 18-21 detail the 19 legal proceedings related to the computer intrusion. Page 21 also details the various government investigations in regards to the computer intrusion.

Obviously, the security breach will not be cheap for TJX.

Recent News Stories:

• State cracks down on identity theft in wake of TJX security breach
• TJX customers subject to security breach
• How the TJX breach may change security awareness
• Do data breaches really hurt retailers?
• Locals upset at TJX Companies security breach
• TJX security breach affected at least 47.5m
• Revealed: World's largest security breach

Read More...

Ohio Senate Bill No. 6

Senate Bill Number 6 was introduced:

• to allow consumers to place a security freeze on the consumer's credit report
• to specify that Social Security numbers are confidential
• to specify that certain personal information is not a public record
• to require a public office to redact from a document that is otherwise a public record certain personal information
• to require a public office to redact Social Security numbers and other confidential information from any document that is made available online to the public through the Internet
• to require the Office of Criminal Justice Services to make state funding grants available to local law enforcement agencies for enforcement of identity fraud laws
• to require the attorney general to support local law enforcement agencies with the enforcement of identity fraud laws, and
• to enact a special statute of limitations for criminal prosecutions and civil actions against identity fraud

The bill, if passed, would help erase the problem reported last year where a number of records from the Ohio Secretary of State's Office was displayed with Social Security numbers.

While I agree that government websites should not post information such as SSN's on their websites, I expect that this bill would either cost taxpayers money to find and redact SSN's already posted (which is not a trivial task). Alternatively, some agencies may take the information offline as they assess the scope of confidential information contained in their online records.

Read More...