Data Theft Grows To Biggest Ever – Fraudulent Purchases Pop Up in Breach Of 45.7 Million Shoppers’ Records

At least 45.7 million credit and debit card numbers from customers in the United States, Britain and Canada were stolen over a period of several years from the computers of TJX, the discount retail giant disclosed in a regulatory filing this week. The figure, which the company said is incomplete, represents the largest reported computer theft of personal data in history.

TJX, whose 2,500 stores include clothing chains T.J. Maxx and Marshalls, reported the breach in January but disclosed its massive scale for the first time in a filing made to the Securities and Exchange Commission after business hours Wednesday.

The computer breach is significant not only because of its scope but also because the hacker or hackers had access to the decryption tool used to decipher sensitive encrypted information and an ability to intercept data as shoppers’ credit transactions were being approved.

Thieves have been using the data to make fraudulent purchases in Florida and as far away as Sweden and Hong Kong, according to police and bank officials.

Also taken were personal ID numbers, related names and addresses, and drivers’ license, military and state ID numbers from 455,000 shoppers who made merchandise returns in the United States and Puerto Rico.

{This cautionary story shows why Congress should act now to require the nation’s electronic health information systems to build in ironclad security and privacy controls. The current market is NOT building electronic health systems to protect medical privacy, but to facilitate access by the over 600,000 health-related businesses called ‘covered entities’, facilitate data mining, and facilitate unwanted secondary uses of our sensitive medical records. Medical records contain information about our minds, bodies and genetics, as well as our financial and demographic information and our social security numbers. We cannot afford to place all 295 million Americans’ futures at risk for job, credit discrimination, and identity theft by building an unsafe digital health system. Privacy-enhancing technology exists now–which could be used to provide consumers with exquisite control of access to their medical records down to the data field and state-of-the-art security protections to stop hackers and thieves. Congress has to require all electronic health systems to use these ‘smart’ technologies. ~ Dr. Deborah Peel, Patient Privacy Rights}

Leave a Reply

Your email address will not be published. Required fields are marked *