August 6, 2008

TJX Hackers Indicted

By George Anderson

Eleven members of an international ring behind the theft of over 41 million credit and debit card numbers from TJX Cos. and other retailers including Barnes & Noble, BJ’s Wholesale Club, Boston Market, DSW Inc., Forever 21, OfficeMax and Sports Authority have been charged in what Attorney General Michael Mukasey called “the single largest and most complex identity theft case ever” in U.S. history.

The accused – the alleged mastermind, Albert “Segvec” Gonzalez of Miami, and others from Belarus, China, Estonia, Ukraine and the U.S. – were charged with a variety of counts including fraud, identity theft and conspiracy in federal courts in Boston and San Diego. One individual known only by an online alias has yet to be identified.

“Computer crimes are not confined within national borders,” Mr. Mukasey said. “Criminals can now operate from almost anywhere … to steal personal information from almost anywhere on the globe.”

According to Reuters, Mr. Gonzalez, a one-time informant for the government, drove around Miami hacking into wireless networks with his laptop. Once inside, Mr. Gonzalez and his co-conspirators planted “sniffer” programs that captured card numbers along with password and account information.

Mr. Gonzalez faces life in prison if he is convicted on all charges.

TJX, which agreed to pay more than $60 million to settle with Visa and Mastercard over its breach, admitted that as many as 45.7 million credit cards were exposed to the hackers. The federal investigation found 41 million credit and debit card numbers on two servers, one in Latvia and the other in the Ukraine.

“The sheer number of retailers attacked by these cyber criminals demonstrates the much broader challenges in protecting sensitive consumer data from this increasing threat,” said Sherry Lang, senior vice president at TJX.

Discussion Question: Is consumer data any safer today in the hands of retailers and other businesses than it was when TJX was first hacked?

8 Comments
Ken Yee

At the end of the day, the more avenues of payment are available, the higher amount of fraud opportunities.

Decades ago, it was limited to cash, cheques and credit card theft. I rarely carried a lot of money on me and never paid anything with a cheque, so if someone really wants money from me, they’d have to physically steal my card number somehow.

Now, it’s debit cards, gift cards, and the numerous online methods…online credit info, phishing, PayPal fraud, hacking into networks, you name it.

Just like piracy of music CDs, movie DVDs, games and software, no matter how good the copy protection is, there always seems to be smarter people who can break it and distribute the goods online that very same day.

James Tenser

Securing consumer data is one of the foundations of customer service. It is thankless, however–only failures come to customers’ attention, and usually in very negative fashion.

Companies that choose to accumulate shopper profiles or credit card data have no option but to take on this responsibility. With the constant threats from bad actors, data security is a moving bar.

While I believe corporate data security is generally improving, so are the methods of the infiltrators. Law enforcement has an important role here, but it’s up to the firms who accumulate data to man the front lines with robust methods and customer protection policies.

Art Williams

With the economy in the shape that it is, it will be hard for companies to justify spending more for data security. Traditionally businesses struggle with spending money on things like security, maintenance, safety and anything that isn’t a tangible that can be seen and touched by their consumers. Unfortunately, I think we will see a lot more of these problems in the months and years ahead.

Jonathan Marek

As a provider of hosted software for retailers (though not handling credit card data, thank goodness), I would say that retailers have inarguably gotten much more serious about data security. The question I don’t know the answer to: how much more sophisticated have the hackers gotten in the same time?

David Biernbaum

Although predictably many people will say that data security has gotten worse, I will argue that it has become a little bit more secure over these past couple of years. Technology is improving. Long way to go….

Steve Bramhall

Having worked on corporate data security a while back, I agree it is improving. I too did not work on credit cards.

This game will continue to be played out for the rest of time. The bigger the security the bigger the challenge. What is interesting is the amount of money paid to Visa and I wonder how fast it acted when the breach was known and how much money was lost.

Odonna Mathews

The problem becomes increasingly difficult as hackers from around the world create new ways to steal personal information. Businesses must devote more resources in this area and take appropriate actions to keep consumer trust.

Mark Lilien

I don’t know the statistic, but I’d be curious to compare credit card hacker theft dollars versus increased credit card interchange rates charged by Visa, Mastercard, Discover, and American Express. I suspect that hacker theft dollars are less than the interchange rate increase dollars. Maybe retailer profit margins would be better protected if they worked more effectively together to push back on the increased interchange rates. Isn’t it easier to deal with 4 credit card companies in the USA whose identities are known, compared to thousands of anonymous hackers, many located in Eastern Europe?
