News
TJX Case Shows Cost of Data Breaches for Banks
By Brian Orsak
printA security breach at retailer TJX Cos. last year cost banks that reissued payment cards as much as $83 million, according to estimates by credit card company Visa USA. Credit card company officials say the breach exposed about 100 million credit and debit card numbers to hackers, according to court documents from a class-action lawsuit against Framingham, Mass.-based TJX that were released Friday. After disclosing that hackers had breached its databases, TJX estimated in March that as many as 45.7 million records had been exposed over several months. Driver's license and checking account numbers of customers who returned merchandise were...
TO READ THE FULL STORY
Related News
U.S. lawmakers proposed legislation Wednesday to combat the pilfering of tax refunds, now the most common type of identity theft-related fraud in the country.
The Internal Revenue Service's Criminal Investigations division is shifting resources to better investigate the "alarming" growth of stolen tax refunds, according to a senior IRS official.
The disclosure that U.S. officials have solicited and directly received data from foreign banks on transactions tied to Iran is spurring talks among European lawmakers, according to Alexander Alvaro, an EU Parliament supervisor.
Instances of cybercrime and identity theft in New York City rose 50 percent over the past five years, while some municipal precincts are citing the violations more than any other crimes.
The number of suspicious activity reports filed on potential identity theft increased over 120 percent between 2004 and 2009, the head of the U.S. Treasury Department's financial intelligence unit said Monday.
Reports of check fraud tied to identity theft rose in 2009 even as instances of related loan and credit fraud fell, according to a study released Friday by the Identity Theft Resource Center.
Two measures passed by a Congressional committee this month that could change the way banks notify customers of data breaches are unlikely to become law this year, according to a Senate staffer.
As many as 85 percent of banks have implemented adequate compliance systems aimed at rooting out identity thieves and limiting the number of data breaches, according to analysts.
The Federal Trade Commission Wednesday again pushed back the enforcement deadline of a controversial rule requiring financial institutions and "creditors" to take steps to prevent identity theft-related data breaches.
Two agencies at the U.S. Treasury Department have done a poor job protecting sensitive Bank Secrecy Act information from hackers and potential data breaches, a government watchdog said Friday.
The U.S. Federal Trade Commission has given financial institutions an additional six months to develop programs to prevent identity theft due to confusion in the industry over the scope of the agency's rules.
Congress is considering a request that would allow the Federal Trade Commission to levy fines against companies with poor controls over sensitive customer data, according to a report released Tuesday.
Financial regulatory examiners will be checking that banks are not overly relying on their existing monitoring systems to comply with new federal rules meant to curb identity theft, say consultants.
TJX Cos. agreed Thursday to make broad security improvements as part of a settlement with the Federal Trade Commission, one year after hackers stole the credit and debit card numbers of millions of customers in the largest known data breach for a U.S. retailer.
TJX will provide as much as $40.9 million in pretax funds to compensate U.S. Visa issuers for the cost of reporting the breach and replacing credit and debit cards exposed to hackers. Between 45.7 million and 100 million consumer records were exposed in the breach of TJX's computer systems.
Some 3.7 percent of American adults, or 8.3 million individuals, had their personal data stolen or misused in 2005, according to a Federal Trade Commission study released Tuesday. The estimated total loss from ID theft for American consumers was $15.6 billion.
Charges made to fraudulent accounts in the victims' names ranged between $50 and $500,000 and, in aggregate, increased 78 percent from 2004 to 2006, according to a study by the Identity Theft Resource Center.
A report issued by San Diego, Calif.-based ID Analytics, which makes ID theft software, looked at about a dozen data breaches involving Social Security numbers and other identifying information.
Final federal banking regulations for monitoring identity theft moved forward on Monday as the Federal Deposit Insurance Corp., one of six federal banking agencies considering the measures, approved them.
The Bush administration suffered a setback Friday when a federal judge rejected its effort to block a civil lawsuit against an international banking consortium that provides the administration with data for terrorist investigations.