Data Breach Alert: A series of data thefts impact Visa and MasterCard

Reports of more another breach have followed the news that 100 million transactions processed by Heartland Payment Systems had been exposed last month. Visa and MasterCard recently warned certain banks and credit unions that more customer data has been compromised, but will not disclose the name of the latest credit card processor to be infiltrated, nor will they say how many customers have been affected.

The Heartland breach was discovered only after a pattern of credit card fraud emerged, leading back to the credit card processor. This means that the stolen card numbers were actively in use by identity thieves. Security analyst Michael Argast says that the latest stolen data has most likely also reached the hands of criminals.

Impacted banks have begun issuing replacement credit and debit cards to MasterCard and Visa cardholders, and will continue to do so over the next few weeks. It is always a good idea to have a credit monitoring service keep an eye on your credit report and alert you of any suspicious activity.

An identity theft protection service will go a step further to protect you and to prevent fraudulent accounts from being opened in your name. To learn more about credit monitoring services and identity theft protection services, see our reviews and comparison charts.

• Tweet

Confirmed: Data breach related 15% discount sale at all TJ Maxx, Marshalls stores on Thursday January 22, 2009

We have confirmed that all TJX stores nationwide, including TJ Maxx, Marshalls, The Maxx, A.J. Wright and HomeGoods, will be holding a 15% discount sale tomorrow Thursday January 22, 2009. The sale is part of a customer good will effort following a massive data breach by the company that exposed millions of customer records to hackers.

The 15% discount sale will be open to any shoppers, not just those consumers that were potentially impacted by the breach. TJX will also honor any other discounts on top of the 15% (although this does not include employee discounts). TJX has previously stated that all stores will have extended hours between 8 a.m. and 10 p.m for the special sale day.

• Tweet

Data Breach Alert: 100 million possible victims in what may be the largest data breach ever

Experts are speculating that a recent breach of a 100 million credit card transactions could be the largest credit card breach in history. The reported number of potential victims is more than twice the approximately 45 million credit card transactions that were breached by criminals that hacked credit card processing systems of TJX, the parent company of TJ Maxx, Marshalls and other popular retail stores.

Heartland Payment Systems, a large credit card processor based in New Jersey, announced this week that hackers had breached the company's computer network and potentially gained access to customer information related to approximately 100 million transaction processed by the company. The breach included information that would allow criminals with the proper knowledge and equipment to create duplicate credit cards.

While Heartland is based on the east coast of the United States, the company processes transactions for 250,000 business located across the country and of all sizes and types.

There is no information available regarding notification of potential victims, although most states do have strict laws that require businesses to disclose data breaches to consumers. Businesses also commonly provide free access to a credit report monitoring service to victims for some period of time following a breach. There is no word yet whether Heartland will be providing free credit report monitoring to victims.

As always, our advice is to act quickly if you believe you or your family may have been a potential victim of this breach. We recommend that consumers review their credit reports in an effort to identify any suspicious accounts or activity. Many credit report monitoring services offer free access to your credit reports and scores when you sign up for a free trial (read our reviews and comparison of credit report monitoring services to learn more). It is also a good idea to keep an eye on your credit card statements and alert your credit card company of any charges that you believe may be fraudulent.

Additionally, we recommend signing up for an identity theft protection service, such as Trusted ID or LifeLock, that can help prevent new fraudulent financial accounts from being opened in your name.

• Tweet

More details about data breach related 15% discount sale at TJ Maxx and Marshalls

Further review of settlement documents related to the 2006 TJX data breach has brought to light many important details about the 15% storewide discount sale we reported on yesterday. Various Internet message boards have identified tomorrow January 22, 2009 as the target date for the sale.

Below are some highlights from the settlement documentation regarding the terms of the sale:

• The event will include a 15% discount on all merchandise (excluding gift cards) at all TJX stores, which include TJ Maxx, Marshalls, The Maxx, A.J. Wright and HomeGoods.
• The sale will be held on a Thursday, Friday or Saturday in January, February or July at TJX's discretion.
• The discount will be available to all consumers that make purchases on the designated day, not just those customers that may have been impacted by the data breach.
• Additional discounts (excluding employee discounts) will be valid on top of the 15% discount.
• The stores will have extended hours from 8:00 a.m. to 10:00 p.m.

It is important to note that the January 22nd date has not been confirmed by TJX and that the sale itself is not required as part of the settlement agreement. However, TJX has publicly communicated that the sale will occur some time in 2009.

Below is the full text of the section of the settlement agreement related to the storewide 15% discount at TJ Maxx, Marshalls, and other TJX stores.

TJX shall hold a one-time special event (the "Special Event") in which prices on all merchandise (excluding gift cards) in all TJX stores shall be reduced by 15%. This 15% price reduction shall be applied at the check-out register and shall be in addition to all other discounts (other than employee discounts), if any, and shall be available to all customers making purchases on that day. The special event shall be on one day on a Thursday, Friday or Saturday in January, February or July as designated by TJX. The Special Event shall occur following the Effective date on a date which will allow for proper commercial management of the event. TJX stores shall have extended hours (8:00 a.m. to 10:00 p.m.) on the day of the Special Event, except as may be limited by local laws. While by necessity and practicality, the public may access this sale, the sale is provided for by this settlement benefit in the Summary Notice and shall be customary course of business notice of the event, to be advertised close in time to the day on which the Special Event will occur. TJX represents that it has not had any storewide sale event in the TJX Stores system in the past, to the best of senior management's recollection, and that this sale event is the direct result of this settlement, and that the 15% price reduction during the event shall be in addition to any and all other discounts, sales, and the like (other than employee discounts) available at the time of the event. No discount available to the public shall be withdrawn because of the Special Event.

• Tweet

Data Breach Alert: Arizona's Department of Economic Security loses personal data for 40,000 children

On October 14, a wide array of furniture and electronics were stolen from a commercial storage facility used by Arizona's Department of Economic Security, including disks containing the names, addresses, phone numbers and, in some cases, Social Security numbers for about 40,000 children. The DES provides various services such as food stamp programs and other financial assistance and programs designed to help prevent child abuse and neglect. The data breach impacts children who have been referred to the DES for early intervention services over the past several years. The data on the stolen disks was password protected but not encrypted.

Children can be particularly susceptible to identity theft. See our Child Identity Theft Protection Guide for 8 tips on how to protect your children from becoming victims. And if you are interested in an identity theft protection service, see our reviews and comparison.

• Tweet

Data Breach Alert: Data thieves threaten to release Express Scripts customer information

Express Scripts, a pharmacy benefit management firm that handles around 500 million prescriptions a year for about 50 million Americans, received a letter early last month containing the names, birth dates, Social Security numbers and prescription data for 75 of the company's customers. The letter also included a threat to release millions of customer records unless Express Scripts pays the data thieves an undisclosed sum. George Paz, chief executive of Express Scripts, said in a statement that the company is working with the FBI and has no intention of paying the extortionists. Express Scripts is still trying to determine how the data was accessed and how much was stolen. The 75 customers referenced in the letter have been notified, and last week Express Scripts created a website to explain the situation and advise customers on how to go about protecting themselves from identity theft.

If you are concerned about the risk of identity theft, consider an identity theft protection service such as LifeLock or Trusted ID. To learn more about identity theft protection services, see our reviews and comparison.

• Tweet

Win the lottery, lose your identity?

Names, Social Security numbers, addresses and prize amounts for more than 89,000 lottery winners were compromised when a former employee of the Texas Lottery Commission copied the sensitive information onto disks after being fired from his job as a computer analyst last year. The Lottery Commission is currently in the process of notifying the impacted individuals and advising them to place fraud alerts on their credit files. The former employee is under investigation by the Travis County District Attorney's office.

If you are concerned about data security and identity theft, consider an identity theft protection service. To learn more, see our reviews and comparison chart.

• Tweet

Data Breach Alert: Nearly 100,000 credit and debit card numbers stolen from Forever 21

Forever 21 recently announced that 98,930 credit and debit card numbers have been stolen from their computers. This data breach was just one part of a larger theft of more than 40 million credit and debit card numbers, at least some of which were then sold online. Forever 21 customers could be at risk if they made purchases at the store on 3/25/04, 3/26/04, 6/23/04, 7/2/04, 7/3/04, 8/4/07, 8/5/07, 8/13/07 or 8/14/07, or if they shopped at the Fresno, CA location between 11/26/03 and 10/24/05. If you did make a purchase at Forever 21 on any of these dates, you should review your credit card statements for unexpected purchases, and you should also examine a copy of your credit report.

If you are concerned that you may be or may have been a victim of identity theft, you should consider an identity theft protection service. To learn more about identity theft protection services, view our reviews and comparison.

• Tweet

Best Western security breach impacted only 10 customers

On August 24, Glasgow's Sunday Herald reported that hackers had broken into Best Western's online reservation system and stolen 8 million customer records. The Scottish newspaper claimed that the data breach impacted every customer who stayed at any European Best Western hotel in 2007 or 2008. This story was picked up by countless other publications. Yet Best Western insists that while a data breach did occur, only 10 guests at a single hotel in Berlin were affected. The Sunday Herald reporter who came up with the number 8 million did so by simply extrapolating the number of Best Western hotels and hotel rooms in Europe. The reporter has yet to respond to questions about the story.

While Best Western could have pre-empted the exaggerated story by disclosing the breach earlier, their failure to do so is understandable, since the breach took place only 3 days before the story broke and the breach impacted just 10 customers.

Of course, we suggest that you subscribe to an identity theft protection service, which should eliminate the headache of worrying about whether or not companies are safeguarding your information carefully enough. To learn more about identity theft protection services, see our reviews and comparison.

• Tweet

Avoid data breaches – encrypt your Gmail!

Google recently created an option for Gmail users to ensure that their email is securely encrypted using SSL. All you have to do to permanently encrypt your email is go to your Gmail settings page and, next to "Browser connection," select "Always use https." When viewing your Gmail, check the address bar. If it says "https://mail.google.com," you know that your email is SSL encrypted. If it says "http://mail.google.com," then your email is being transmitted in plain text, which makes it very easy for hackers to access your session information and read your email.

Since most people have some sensitive personal information stored somewhere in their email archives, the smart thing to do is make sure that your email is encrypted. If you are sending sensitive information over an unencrypted connection, you are putting yourself at risk for identity theft. To learn more about how to protect yourself from identity theft, view our reviews and comparison.

• Tweet