Millions Targeted by Credit Card Theft: Are You One of Them?
EmailThe corporate owner of T.J. Maxx and Marshall’s today tried to play down the massive credit card information theft that targeted some 45 million of its customers. But many customers wondered if any credit card transaction is safe. "I don’t feel secure at all about shopping at T.J. Maxx with credit any more," one customer said. "Cash only." "It’s not worth it," another customer said. "You save a little, but the risk is way too high." No previous identity theft case compares to today’s in size or significance. The apparent victims in this case are not people who used their credit cards on the Internet, but rather people who went to the store in person. Click Here for Full Blotter Coverage. Officials say hackers uploaded hidden programs onto the TJX corporate computers at a building in Framingham, Mass., and another in Watford, England, and for more than a year and a half were able to easily download the 45 million pieces of credit card and personal information. The company says it is now upgrading security. "The bad guys had their encrypted data," Mark Rasch, a former cybercrime federal prosecutor, told ABC News. "They had their credit card data, and it is hard to believe they could have done that if the company hadn’t messed up." A major break in the case came last week when employees at a WalMart in Gainesville, Fla., became suspicious of some big spending customers and called police. Authorities have now arrested six people (pictured), including the suspected ringleader of the group, 18-year-old Irving Jose Escobar, for using the stolen T.J. Maxx credit card information to buy millions of dollars worth in gift certificates and TV and audio equipment. Of the six arrested, all of whom are charged with one count of an organized scheme to defraud over $50,000, a first-degree felony in Florida punishable by up to 30 years in prison, three have pled guilty and three others have entered not guilty pleas. Each of them is being held on $1 million bond. Four other group members remain at large with warrants out for their arrests. "This was just the start of a much bigger crime organization," Special-Agent Dominick Pape of the Florida Department of Law Enforcement said. And customers at T.J. Maxx are not alone. Since the first significant case of ID theft was discovered at the huge ChoicePoint credit bureau in Georgia on Feb. 15, 2005, involving some 163,000 records containing social security numbers and other personal data, security experts say more than 150 million pieces of information have been stolen in some 538 separate cases. That includes cases covering breaches of a million or more records. Back on June 16, 2005, a hacking breach at CardSystems targeted 40 million records, according to Privacy Rights Clearinghouse, a nonprofit consumer organization that focuses on consumer information and advocacy. Another breach happened just last May when more than 28 million records of U.S. veterans discharged since 1975 were targeted when a VA laptop was stolen from an employee’s home. "The crooks are getting better, and the good guys are not doing enough to bolster their defenses," said Michael Watis, the former chief of the FBI’s cyberunit. T.J. Maxx and Marshall’s corporate officials say 75 percent of the stolen credit car information will be of no use to the crooks because the data is either expired or encrypted. But store customers have no easy way to tell if they are at risk, and the best advice from officials is to assume you are at risk if you’ve used your credit card at one of those stores or given your personal information, including driver’s licenses and military IDs, to return merchandise.
RSS
Twitter
Facebook
So are we supposed to cancel our credit cards if we shopped at TJ Maxx and Marshalls within the past few months? I shopped at both stores A LOT! Yikes!
Posted by: Amie B. | March 29, 2007, 6:41 pm 6:41 pm
Unfortunately this seems to be getting very common. I’ve heard of at least 3 cases where personal information was stolen either from the government or from retailers within the past year. And quite frankly I’m tired of this and its time we do something! We need to write our congressmen/women and insist they draft a bill to impose very stiff penalties to all retailers/government agencies who lose our personal data, including SS numbers and credit card info.
Posted by: Jason | March 29, 2007, 6:50 pm 6:50 pm
This is interesting: I recently got a letter from my bank informing me that they were changing my debit/credit MasterCard number because I recently used that card at a Marshall’s, and Marshall’s had informed them of a breech in security. The following week after the change, I tried to return some items to Marshall’s and was told that I could not get credit back on that same card (although it was the same account)because it had a new number! I tried to explain to them it was the same account, but because of THEIR security being breeched, I was given no choice, the bank automatically changed the number!!! I didn’t do anything and I got punished for it!
Posted by: Robyn | March 29, 2007, 6:51 pm 6:51 pm
My question to all of this is would it be safer for a consumer to revert back to writing paper checks? I would rather pay the service fee for a cash advance & deposit than have my credit card info stolen.
Posted by: S. London | March 29, 2007, 7:35 pm 7:35 pm
This is President Bush’s fault?
Posted by: jim jones | March 29, 2007, 8:26 pm 8:26 pm
This is not new. We were contacted by our bank and informed about the security breach at TJ Maxx several months ago and our cards were blocked and new cards with new numbers issued. This could conceivably panic a lot of people for whom the problem has already been resolved.
Posted by: Beth | March 29, 2007, 9:57 pm 9:57 pm
IT’S A SHAME THAT YOU CAN’T BE TRUSTING ANYMORE. i HAVE TORN UP 2 OF MY THREE CREDIT CARDS AND AM VERY SELECTIVE ON WHEN AND WHERE i CARGE ITEMS.
Posted by: Ruth | March 29, 2007, 10:15 pm 10:15 pm
Justice shall be served! hopefully they don’t get just a slap on the wrist!
Posted by: erica | March 29, 2007, 11:50 pm 11:50 pm
I had shopped at Marshalls, and about $800 was taken out of my account. And they were sending it thru “Western Union” I went to the bank to make a deposit and my account showed a negative, how can this be if Im depositing money? I looked at my statement and there it was Western Union, I called my bank and asked who made this transaction and when. Well my card had already been on hold and they issued me a new one. Unfortunate no matter what kind of security we use today, their is always someone JERK out there to screw the world … if we all said “Please & Thank You” this world won’t be so greedy for money or hungry for power …
Posted by: Mariluz | March 30, 2007, 9:56 am 9:56 am
I work in the Card Services Dept. for a financial institution. Unfortunately, the Financial Institutions are taking the hit on this, because of the cost of replacing all the compromised cards. (We had over 3,000 Debit and Credit cards involved). The merchants aren’t being found at fault here, or in any compromise case, and aren’t being held accountable.
Financial Institutions are Federally Regulated and we have to comply with Federal regulations regarding storing card and member information. Retailers and other merchants (the restaraunt industry, for example)are not regulated on the type of information that they are storing. There are guidelines out there, but no one is checking up on them.
This is one of the reasons your financial institutions charge fees for other items, such as overdrafts, to cover the costs for fraud and compromises. And, until the merchants are held responsible, the customer is ultimately going to pay.
Posted by: Ann | March 30, 2007, 10:11 am 10:11 am
I was contacted by my bank back on March 5 that there was a problem with my account. Turns out, someone had gotten my debit card number and pin number and used it to charge $1500 at a Best Buy in Davenport, Iowa (I live in Chicago). The bank fraud department said that my card had been “skimmed,” i.e., the crooks made a fake card with my debit card information, but with a fake name and presented it to make the purchase. I suspect I was the victim of the TJ Maxx/Marshalls thing as I had recently shopped at these stores. This seems like such a sophisticated crime that I don’t think my card could have been compromised anywhere else. I do therefore suspect the TJ Maxx hackers as the probable source.
Posted by: Nancy | March 30, 2007, 10:12 am 10:12 am
The thought of anyone having access to my personal information is outrageous!!!! I understand that it is not necessarily the credit card company’s fault, but the retail institutions SHOULD be held accountable for this error. But, it should also be noted that due to the outrageous finance charges (and other hidden charges) that credit card companies have…I am somewhat glad that they are being held accountable!
Posted by: Gram | March 30, 2007, 12:49 pm 12:49 pm
This is a great little article, unfortunately it doesn’t provide any information, or links in ordert to protect yourself. I personally have contacted all the major credit companies and put a fraud protection alert on both mine and my husbands accounts. Although, I honestly feel that TJX should have contacted each and every one of the customers that have been put in this situation and 1) informed them of the severity of the situation; 2) provided the proper information in order to protect yourself from this heinous crime. I for one, will NOT be shopping at any of these stores again only for the mere way in which is was handled — rather not handled.
Posted by: PJ | March 30, 2007, 1:39 pm 1:39 pm
As to Beths comment that This could conceivably panic a lot of people for whom the problem has already been resolved.
Posted by: Beth | Mar 29, 2007 9:57:01 PM)) how can it be resolved when someone with your personal info can ALWAYS get new accounts in your name o9r do things with YOUR credit? It is not all in the past when your personal info has been stollen. YOU always have to be “on guard”. Ask anyone who has had their identiy stollen.
Posted by: Suezq | March 30, 2007, 2:46 pm 2:46 pm
This is a reply to jason: Just accept the refund on the old card number, this is the way its supposed to work and your bank will know what to do.
Posted by: Eric | April 2, 2007, 2:03 pm 2:03 pm
With cards inplanted with RFID chips which can be read by crook with a reader.I now leave my cards home and only carry one in my car, in a lead lined box
Posted by: Bill | April 4, 2007, 8:46 am 8:46 am
I was recently a victim of fraud in Feb. I do not shop at TJ Max or Marshalls. So I think this is a bigger issue and more networks like these are out there. My debit card was copied and they even obtained my pin number and was able to make multiple ATM withdraws at a casino here in California. Luckily my bank saw that I was trying to use my card more than a 100 miles away when these fraudelent charges were being made. My advise is CASH ONLY GOING FORWARD!!
Posted by: Eric | April 9, 2007, 6:24 pm 6:24 pm