http://www.boston.com/business/personalfinance/articles/2007/08/09/credit_card_headaches_from_tjx_breach_remain/ By Se Young Lee Globe Correspondent August 9, 2007 Almost seven months after the biggest security breach of financial data in the nation was revealed, some banks still appear to be sorting out which of their credit card customers were put at risk. Retail giant TJX Cos., with headquarters in Framingham, revealed this spring that at least 45.7 million credit and debit card numbers were compromised by hackers who gained access to the company's computer systems in the second half of 2005 as well as from May 2006 to January of this year. But some companies, such as Citibank, are still reissuing cards for customers whose information may have been exposed. "As a preventative measure we are in the process of notifying and issuing new credit and debit cards to some customers whom we believe may be subject to increased risk," Citibank said in a statement yesterday. Brian Riley, senior research analyst of bank cards for TowerGroup in Needham, a financial-services consultant, said such a lengthy delay is not unusual because banks might choose to keep tabs on some accounts and take action only if they notice unusual activity. "I can look at all your transactions and say, 'Hey, the guy's never shopped at this store before. what's going on?' " Riley said. Some banks have said information from TJX about the compromised accounts has been sporadic since the news first broke. "I can't remember an example that has had such a magnitude in a continued, slow process as this breach," said Daniel Forte, president of the Massachusetts Bankers Association, which sued TJX in April to recover damages from the costs of reissuing cards and launching other measures to protect customers. But TJX said in a statement that it fulfilled its obligations in January and February by providing "extensive numerical payment card information to banks and payment card companies." Chris Harrall, spokesman for MasterCard, declined to say how many of its customers' accounts had been compromised and said its investigation was ongoing. Bank of America said it reissued credit cards in March because of the breach but declined to say how many. Sovereign Bank said it has replaced 60,000 credit cards so far. The overall financial impact of the breach remains unclear. TJX said in May that it has spent $25 million because of the security lapse. Some analysts estimate the breach may cost more than $1 billion. The firm is also under a multistate investigation involving 37 state attorneys general as well as an inquiry by the Federal Trade Commission, according to filings with regulators. Copyright 2007 The New York Times Company ____________________________________ Visit the InfoSec News book store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Aug 09 2007 - 23:49:26 PDT