Some of the companies that had data stolen, leading to last week’s indictment ("Feds Charge 11 in Theft of 40 Million Credit Card Accounts," Aug. 6), did not inform customers about the breaches despite laws requiring them to do so, according to a report in today’s Wall Street Journal.

More than 40 million credit card and debit card numbers were stolen over a five-year period, according to the indictment. But only two retailers clearly alerted their customers, according to the story.

Forty states have laws, many patterned after California Senate Bill 1386, requiring notification of affected parties in the event of a data breach. The laws differ somewhat in wording, but the California legislation, which affects any company that does business in the state, requires notification if a breach occurs, regardless of whether any fraud is actually committed.

Yet major retailers, including Office Max Inc., Barnes and Noble Inc. and Sports Authority Inc., did not follow through with this rule, according to the Journal.

According to prosecutors, the thefts had been taking place since 2003. But the scope and scale of the operation were not realized until TJX Cos., owner of T.J. Maxx and Marshalls, announced in March 2007 a security breach going back to 2005 that involved some 45 million consumer accounts (“TJX Says 45.7 million Credit Card Numbers Stolen in Breach,” March 30, 2007).

When authorities began investigating that breach, they discovered that many announced security breaches that had seemed unrelated were in fact the work of the same people.

