|
U.S. PIRG Consumer Blog
« More on Jeff Chester's Digital Destiny |
Main
| More on treaty threatening Internet »
January 18, 2007
Latest breach at TJ Maxx/Marshalls
I appeared on CNBC's On The Money last night, along with Robin Sidel of the Wall Street Journal, who broke the story yesterday of the latest (but perhaps ongoing since 2003) and possibly the biggest (perhaps bigger than the reported 40 million records lost by processor Cardsystems) security breach at a retailer. This one occurred at TJX Companies, which includes the giant retailers TJ Maxx and Marshall's (company "Customer Alert" on its home page). Since the WSJ requires paid registration, here's an AP story. CNBC host Melissa Francis basically asked me two questions:
We keep hearing about these breaches but does it matter (paraphrase)?
What should consumers do?
Here are some slightly longer answers than I was able to give in the accelerated TV format:
Last answer first: Stop using debit cards! This has always been my recommendation for Internet use and is now my recommendation for all use. Your federal debit card legal rights are weaker than your credit card rights. Even if the card associations make promises to make you whole, you'll still face the problem of fighting with your bank to get your own money back. Meanwhile, the money drained from your checking account (and perhaps a linked savings account) could make the rest of your financial life miserable until the bank comes through on its promise. If you believe that the risk of credit card debt is greater than the risk of security breaches, and you absolutely must use a debit card instead of cash-- consider opening a special compartmentalized account at a new bank spearate from where you keep most of your money. Only keep enough money in it to avoid fees and deal with your use.
Are consumers at risk-- that is, do these breaches result in identity theft or not? The answer is simple: First, the epidemic of breaches shows that companies are not doing enough to protect our information. That's clear. Second, despite industry spin, more than 50% of identity theft victims never find out how or why. That's enough reason to keep the pressure on for strong security breach notification and identity theft prevention remedies such as the right to place a security freeze on their credit reports. Meanwhile, expect the latest phalanx of industry lobbyists to descend on Capitol Hill insisting on enactment of weak, preemptive federal rules that let them (those who lose information), decide whether or not to tell us (those who suffer the consequences). Wrong answer. The true solution lies in allowing continued innovative efforts by the states to protect their citizens. It's the only privacy answer that's ever worked.
Posted by Ed Mierzwinski at January 18, 2007 07:05 AM
Post a comment
|
