The Concord Monitor Online Edition
The Concord Monitor Online Edition The Concord Monitor Online Edition
Saturday, November 21, 2009 The news you need now
Archive search
Subscribe  |  Newsletter  |  Place an ad  |  Contact us
Home
News
Local headlines
Obituaries
Town by town
Politics
New England
Nation-World
We Went To War
Business
Sports
High schools
Professional
College
Racing
Nascar Coverage
Opinion
Editorials
Letters
Columns
Write a letter
Blogs
BlogsNH
Primary Monitor
Photography
*Pulitzer Winner*
PhotoExtra
Multimedia
Anthrozoology
Photo blog
Teen Life
Web Cam
Marketplace
Classifieds
Jobs
Cars
Homes
Corner Cupboard
Yellow Pages
Monitor Openings
Place an ad
Best of 2009
Local Gas Prices
Community
Town by town
Couples
Wedding Guide
Obituaries
Entertainment
Dining Deals
Books
Movies
Music
Tuned In
Living
NH Summer
Food
Health
Home-Family
Beliefs
Travel
Newspaper
Subscriptions
Advertising
Commercial Jobs
Contact us
Directions
History
Online
Twitter feed
Newsletter
Archives
Help
Advertise Online
Our Advertisers
About us
Contact us
Special Sections
(All Special Sections)
Data breach
 
Hacking brings identity theft to forefront
Font size:
Comments

By LISA ARSENAULT
Monitor staff
February 04, 2007 - 8:33 am

Picture
Ken Williams / Monitor staff

Related articles:
More than 100,000 accounts involved in TJX hacker incident (2/4/2007)

When computer hackers stole credit card information from thousands of BJ's Wholesale customers in 2004, they used names, addresses and account numbers to make duplicate cards and buy millions of dollars worth of goods in other people's names.

Just as state laws aimed at protecting customers from similar identity thefts were about to take effect last month, thousands of customers of T.J. Maxx and other stores owned by the Massachusetts-based TJX Companies learned their personal information had been stolen by hackers who tapped a customer database.

State banking leaders and company officials do not yet know the extent of the TJX data breach - including how much information was stolen, how it was done or what it is being used for - but industry analysts and lawmakers wonder whether enough is being done to protect customers' private information.

"Somebody needs to look at why retailers are storing this information and whether it's okay for them to do that," said Gerald Little, president of the New Hampshire Bankers Association. "Clearly, we had the BJ's situation. Now we have TJX. There's a weak link there."

New state identity theft laws went into effect Jan. 1 that require companies like TJX to notify customers immediately if their private information has been stolen. The new laws also allow consumers to put a freeze on their credit files so that even if their private information is stolen it can't be used to open up new accounts.

Sen. David Gottesman, a Nashua Democrat who helped push those laws through, said it's likely that the TJX breach will spark further debate this legislative session about whether more should be done to beef up state identity theft laws. He said he doesn't know if retailers need more oversight, but looking into the issue further is "not a bad idea."

A security breach

TJX Companies notified the public on Jan. 17 that computer systems for processing and storing information on customer transactions had been hacked a month earlier. Shoppers who made purchases with credit cards or debit cards at at company-owned stores in the United States, Canada, England and Ireland as long ago as 2003 had personal information on file that may have been stolen, according to TJX. Affected stores include T.J. Maxx, HomeGoods, A.J. Wright and Bob's Stores.

TJX is advising people who have shopped at their stores to review their account statements and immediately notify their credit or debit company if they suspect fraudulent use. The company has also set up a help line - 866-484-6978 - for customers with questions about the situation.

So far, only a handful of cases of fraudulent charges have been discovered by New Hampshire customers whose information was stolen, but banks across the state have canceled thousands of credit and debit cards with account numbers that may have wound up in the wrong hands. Most banks will not say how many cards have been canceled and reissued. More than 100,000 consumers in New Hampshire likely have been affected, based on a survey of bank association members, Little said.

The company cannot say why that information had been on file for so long, said TJX spokeswoman Sherry Lang, because of the confidential terms of contracts TJX has with credit card companies and banks. It is also unclear whether the company violated state or federal laws.

The Federal Trade Commission is responsible for investigating data breaches and determining whether the companies involved did anything wrong. Spokeswoman Claudia Farrell would not say whether the commission is investigating TJX.

The New Hampshire attorney general's office is also looking into whether the company broke any laws, said Lauren Noether, head of the Consumer Protection and Antitrust Bureau. Attorneys general from several affected states have teamed up to investigate, she said.

"We're still looking into the matter. That's all I can really say," Noether said.

After the BJ's data breach in 2004, the Federal Trade Commission charged the company with failing to take appropriate security measures and ordered independent audits of BJ's security system every other year for the next 20 years. The commission also found that the company violated bank security rules by storing customer information for up to 30 days.



Single page | 1 | 2 | 3 |

 
-->
Top Jobs
View all Top Jobs
NEWSPAPERS IN EDUCATION Concord Monitor can deliver free newspapers to your local school's classrooms. Find out how.
Subscribe | Advertiser Profiles | Jobs | Autos | Real Estate | Classifieds | Photo Reprints | Contact Us

Copyright 1997-2009
Concord Monitor and New Hampshire Patriot
P.O. Box 1177
Concord NH 03302
603-224-5301
Privacy policy
Copyright policy