breaches

A Maine-based supermarket chain on Monday reported a data intrusion into its computer network that has put some 4.2 million customer credit and debit card accounts at risk, according to the company and press accounts.

No personal information, such as names or addresses, was accessed, said Ronald Hodge, chief executive of Hannaford Bros. in a letter apologizing to customers. "The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," he said.

Hodge added that the intrusion affected customers at Hannaford … Read more

Update: This blog post has been modified since it was first published. Click here for more details, or scroll to the bottom to see the original text.

A pro-consumer, bipartisan data-breach bill was stripped of most its provisions before its feeble remains were finally passed by an Indiana Senate committee on Tuesday.

This came after two weeks of intensive lobbying by AT&T, Verizon, Microsoft, and LexisNexis, all of which wanted to kill the bill. For the most part, they were successful.

In a blog post last week, I explained how I had worked with my state Rep. Matt Pierce (D-Bloomington) … Read more

In a direct slap in the face to consumers, tech industry giants including Microsoft, AT&T, and Verizon are frantically engaged in an effort to kill pro-consumer provisions in a data breach notification bill currently being considered by the Indiana State Senate.

The bill would require that the state attorney general act as a single point of contact for data breaches. Any company that suffered a breach impacting one or more Indiana consumers would be required to notify the AG's office. The bill would also make Indiana the only state in the country to to require the attorney … Read more

On the surface, it looks like we actually made some improvements in protecting private data in 2007. According to the Privacy Rights Clearinghouse, the number of publicly disclosed data breaches actually decreased, from 346 incidents in 2006 to 310 in 2007. Unfortunately, there are still more clouds than sunshine. In 2007, the 310 data breach incidents resulted in a total of 162 million records exposed, more than three times as many as in 2006 (when there were about 50 million).

Here's another frightening data point: Five of the 10 biggest data breaches occurred in 2007, including the record setter. … Read more

Editors' note: This blog initially misstated the number of years of credit monitoring that TJX is offering in the proposed settlement. It is offering three years, or two additional years if the customer is already signed up for a credit monitoring service.

The TJX Companies announced on Friday a yet-to-be-finalized settlement for several class action suits resulting from various data breaches over the last few years.

TJX, which operates such discount retail chains as T.J. Maxx and Marshalls in the U.S. and Winners and HomeSense stores in Canada, is offering claimants three years of credit monitoring (or two … Read more

Online trading company TD Ameritrade alerted more than 6 million customers Friday that a security breach occurred with its client information database.

The database contained such sensitive information as clients' names, Social Security numbers, dates of birth, addresses, phone numbers and trading activity.

Ameritrade, however, stressed that it has no evidence that Social Security numbers and client demographics, such as birth dates and trading activity information, were retrieved or used to commit identity theft. The company also notes that Ameritrade's user log-ins and passwords were not part of the database.

The discovery was made a couple of weeks ago, … Read more

Sometimes it feels like every day, there's word of another incident involving lost, hacked or pilfered personal data stores--and dire warnings about the potential consequences.

But according to a report just released by the Government Accountability Office (PDF), only a small fraction of those recent episodes have actually resulted in clear signs of identity theft.

After scrutinizing the 24 largest data breaches that got media attention between January 2000 and June 2005, the GAO found that only three of the incidents indicated fraud on existing accounts. One pointed to evidence that new accounts had been created based on the … Read more

The Connecticut attorney general has launched an investigation into the compromise of up to 17,000 of Pfizer employees, including some 300 employees within his home state. Pfizer would not comment on when the breach occurred other than to say it involved a Pfizer employee who had taken the data home on a laptop, a machine that subsequently became compromised. The data, including the employees' name, home address, bonus information, and Social Security number, was surreptitiously uploaded and later appeared on an Internet site. Pfizer did not know how much of that information had been copied or used by others. … Read more