Another major retail breach?

January 15, 2008
Consumer affairs blog consumerist.com is claiming an exclusive that a "major retailer" has suffered a large credit card data breach, resulting in a surge of fraud reports from readers.

The popular blog - part of the Gawker Media family - today cited anecdotal evidence showing "a jump in consumers having their debit cards forcibly reissued, or calls from their bank to verify their recent purchase history. The problems seemed to have started just around Christmas time and have continued into mid-January."

The possibility that a breach affected a major retailer certainly would come as no surprise, considering the lax security that still seemingly permeates the industry, even after the TJX catastrophe.

Equally unsurprising would be the fact that we haven't yet heard about this. In the case of TJX, hackers entered and exited the network for a couple of years before an alarm even sounded. But most states have laws in place that victims need to be notified in the event of a data-loss incident, so once it finds out, no retailer will be able to hide it for long, even if a police investigation initially delays the reporting.

The timing of this alleged breach - who knows if this story is even true - is quite intriguing considering I was just down at the National Retail Federation's annual conference at the Javits Center in New York.

I didn't attend last year, but I'm guessing neither did as many security companies, who were there pushing their latest Payment Card Industry compliance solutions. Expo attendees were paying attention, but I still have a very strong suspicion that widespread awareness and acceptance of the problem - which is, hackers are out to get you - is still years away.
prestitial ad