Privacy Digest

NewsFactor Network | Hackers Pull Off Biggest Heist in History: "With at least 46 million consumer records accessed by hackers, the TJX case outranks the previous largest case tracked by the Privacy Rights Clearinghouse: a June 2005 disclosure by credit card processor CardSystems that hackers accessed accounts of 40 million card holders.

A hacker or hackers stole data from at least 45.7 million credit and debit cards of shoppers at off-price retailers including T.J. Maxx and Marshalls in a case believed to be the largest such breach of consumer information.

For the first time since disclosing the theft more than two months ago, the parent company of nearly 2,500 discount stores put a number on how much card data was compromised -- and it's a number TJX Cos. acknowledges could go still higher.

Experts say TJX's disclosures in a regulatory filing late Wednesday revealed security Relevant Products/Services holes that persist at many firms entrusted with consumer data: failure to promptly delete data on customer transactions, and to guard secrets about how such data is protected through encryption.

'It's not clear when information was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was,' said Deepak Taneja, chief executive of Aveksa, a Waltham, Mass.-based firm that advises companies on information security.

The case has led banks to reissue cards to customers as a precaution against further fraud beyond cases detected as far away as Sweden and Hong Kong, according to the Massachussets Bankers Association, which is tracking fraud reports linked to Framingham, Mass.-based TJX, parent company of stores across North America and the United Kingdom.

The only arrests believed tied to the case involve a gift card scam in which 10 people are suspected of buying data from the TJX hackers to purchase Wal-Mart gift cards in northern Florida. The group -- who aren't believed to have committed the TJX hack -- then used the cards to buy $1 million worth of electronics and jewelry at Wal-Mart's Sam's Club stores, according to Gainesville, Fla., police.

"