breach

TJX stores, including T.J. Maxx and Marshalls, are holding a one-day 15-percent-off sale on Thursday as a way to show appreciation for customers after a data breach at the company.

TJX disclosed in 2007 that 45.7 million customer accounts were compromised

"TJX has chosen to hold a previously planned, one-time Customer Appreciation Day to express our appreciation to customers for their continued support and patronage following the criminal attack(s) announced on our computer systems two years ago," TJX spokeswoman Sherry Lang said in a statement. "TJX remains committed to providing our customers a safe … Read more

Updated 3:25 p.m. PST with comment from Heartland.

Heartland Payment Systems, which processes payroll and credit card payments for more than 250,000 businesses, reported Tuesday that consumer credit card data was exposed in what may be the largest security breach ever.

In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it found evidence of the intrusion last week and immediately notified law enforcement and credit card companies.

Robert H.B. Baldwin Jr., president and chief financial officer of Heartland, told CNET News he did not … Read more

Reports of data breaches in the United States increased 47 percent in 2008 from the year before, mostly as a result of lost or stolen equipment, and accidental exposure of data online, according to a new study from the nonprofit Identity Theft Resource Center.

There were 656 reports of breaches last year, compared with 446 for 2007, and an estimated 35.7 million records were potentially breached based on notification letters and information from breached companies, the study released this week found.

The breaches run the gamut, including: laptops stolen from Merrill Lynch and Starbucks; bank card information stolen from … Read more

There have been 516 large security breaches this year to date, according to the ID Theft Resource Center, with 30,382,786 consumers potentially exposed.

That number is significant, because it's greater than the record number of breaches reported in 2007, said the ITRC, which released its report (PDF) last week. Part of the rise is the result of increased disclosure to consumers affected by breached organizations, as required by state laws. The ITRC also attributed the increase to its ability to access state attorney general notification lists; these often contain breaches that were not reported via media or … Read more

According to a report this week from Verizon Business, risk factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, which is why Verizon has revisited an earlier report. The goal of both the new and the prior report is to offer detailed insight into how data breaches occur, so that companies can address the problems within their specific industry.

The June 2008 report spanned four years and included more than 500 forensic investigations involving 230 million compromised records. The new report uses that same data but drills down within four key … Read more

Risks factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, according to a report released Thursday by Verizon Communications.

The new report (PDF) builds on data released in June. The initial report spanned four years and included more than 500 forensic investigations involving 230 million compromised records.

In the initial report, Verizon found that 73 percent of the data breaches were the result of outside sources, with only 18 percent from insider threats. Of the outside sources, 39 percent were attributed to business partners. But that's an average.

The new … Read more

A few weeks ago, I brought you news that Indiana's Governor had signed into law HB 1197, a data breach and encryption bill that I worked on.

What I have not revealed, up until now is the coercion and arm-twisting that accompanied the passage of this bill. While the details may not surprise jaded readers, it certainly gave me a reason to dislike the entire process, as well one particular power-tripping legislator. Now that the bill, albeit a significantly slimmer version, has become law, I'm free to tell the story.

As regular readers of this blog know, I … Read more

It turns out malware somehow found its way onto a Maine-based supermarket chain's servers, which led to the security breach announced earlier this month compromising up to 4.2 million credit cards.

Citing a letter the Hannaford grocer sent to Massachusetts regulators, The Boston Globe on Friday reported that the malicious software intercepted data from customers as they paid with plastic at checkout counters and sent data overseas.

The malware was installed on computer servers at each of the 300-some stores operated by Hannaford and its partners, the Globe reported.

The company is continuing its investigation into how the … Read more

With a stroke of the Governor's pen on Monday, Indiana became one of the few states in the country to provide strong incentives for businesses to encrypt sensitive customer data. Unlike many of the laws that pass through state legislatures - this one was not ghost written by lobbyists or special interests. It was co-written by a tech-savvy state legislator, and a blogger constituent .... me.

One of the biggest problems in the hundreds of data breach and data loss incidents that have been reported over the past few years is that so little of the data is encrypted. If … Read more