(Image used under: Creative Commons 2.0 [SRC][Mod])

If you've been following this breach, the key problem here is two part:

1) TJX is the parent company of several other companies including TJ Maxx. Each of those companies shared data with TJX creating a massive database (and a single target for the hackers).

2) TJX (and others) shouldn't have stored the credit card data in the first place and when they did, they should have used better security.

Though they'll blame "clever hackers" for the breach, the fault instead lies squarely with TJX who's business practice of storing credit cards against people's will along with negligent use of outdated wireless encryption (WEP) first created a giant target and then then left a gaping hole for the bad guys to be able to go and get it.

No security, no accountability. TJ Maxx

(Image is in the Public Domain)

So today my wife received a letter from our bank saying that her card was included in the data breach. They were very pleasant and helpful (as credit unions tend to be), but one thing caught my attention:

If at any time you suspect you may be a victim of fraud or identity theft, you may place a fraud alert on your credit file with one of the three major credit-reporting [companies]. A fraud alert will require any company or creditor to contact you to authorize any new accounts or loans.

For the record, fraud alerts are required, but can be ignored. The problem is that it's the issuing company's responsibility to check for the fraud alert and act accordingly. Since it hurts their business to do so, it's far more likely that they will "miss" the flag (especially when they're on commission). That means that it may help and it may not.

Lose data due to negligence and you pay. As it should be.

(Image is in the Public Domain)

Consumer Affairs follows the story of TJ Maxx vs Consumers as they get sued for losing data due to "failing to maintain adequate computer data security of customer credit and debit card data". Well good.

You wouldn't have lost it if you didn't take it in the first place.

(Image used under: Creative Commons 2.0 [SRC][Mod])

In a not so surprising story, some large chain stores have been hacked and had their databases of customer information stolen creating a risk for their customers.

The end result is that consumers are often left completely in the dark when data breaches occur, wondering if they dodged a bullet, or if the inconvenience and frustration of fraud is simply waiting to hit them at a later date.

I hate these stories. If they didn't store so much data in the first place, this wouldn't even be a problem.