
I ran across a good article on a TechTarget site, SearchSecurity.com, titled "For data minders, 2007 was a year of living dangerously" that provided some frightening information on how many data breaches occurred or were revealed in 2007. According to the article and information obtained from Privacy Rights Clearinghouse (PRC), the number of exposed records had exceeded 217 million!
PRC, a non-profit consumer information and advocacy organization, has a "Chronology of Data Breaches" section on their site that details breaches from 2005, 2006 & 2007 and is updated about every two weeks. 2007 was not a good year for the retailer TJ Maxx (NYSE: TJX), and I don't think it was so much the fact that customer information was compromised, but how they dealt with the breach afterwards:
"When TJX first disclosed its data breach in January, the retailer came under heavy criticism for what many considered a sloppy response. The company didn't disclose the breach until a month after it was first discovered, and few accepted its explanation that investigators recommended the period of silence. TJX also seemed to have trouble getting an accurate assessment of the damage. For example, the company initially said that attackers had access to its network between May 2006 and January 2007. Later it admitted that thieves were inside the network several other times, beginning in July 2005. Then came word that the stolen data covered transactions dating all the way back to December 2002."
The latest update on this data breach estimates TJX expenses at $500 million to $1 billion. In a settlement with VISA USA, TJX will pay a maximum of $40.9 million to fund an alternative recovery payments program for customers affected by the breach. At least 19 lawsuits have been filed, and there are investigations underway by the Federal Trade Commission and 37 state Attorneys General.






