Thursday, March 01, 2007

This time it's personal

In addition to my weekly New Yorker magazine, today's mail contained a plain envelope with a PO Box return address. From a mile away, I could tell it was a credit card. Like many people recently, my bank has sent me a new credit card in the mail because I shopped at Winners. According to the letter, there is reason to believe my credit card was compromised in the Winners/TJX breach. The form letter tells me that there's been no evidence of fraudulent activity, but this is just in case.

When the TJX story broke, I attempted to contact their privacy officer through the address on the website. What I was looking for was a fax number becuase I did not want to communicate with them, particularly about my credit card, via e-mail. That was months ago and no contact and no reply. Not impressive.

I just went to the Winners website and tried to check out their IMPORTANT CUSTOMER ALERT, which connects (or rather doesn't connect) to a TJX server:

Less impressive.

Going directly to the TJX website provided a working link:

As TJX’s President and Chief Executive Officer, I want our customers to know how much I personally regret any difficulties you may experience as a result of the unauthorized intrusion into our computer systems. We are working with leading computer security firms to investigate the problem and enhance our computer security in order to protect our customers’ data. We are dedicating significant resources to evaluate the issue. Given the nature of the breach, the size and international scope of our operations and the complexity of the way credit card transactions are processed, the evaluation is, by necessity, taking time.

Since we learned of the probability of a breach in mid-December 2006, we have cooperated with law enforcement as well as with the banks and credit card companies that process our customer transactions. Further, we have established customer helplines in three countries and are making available a great deal of helpful information on our company websites.

We are committed to continue to address the situation and to provide periodic updates as we learn more. We have reported updated information in a press release which you will find below.

Additionally, I encourage you to access the information we are providing on this website to learn more about steps you can take to protect your credit and debit card information, or to contact our special customer helplines.

With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers should feel safe shopping in our stores. We value the trust our customers place in us and again, I’d like you to know that we sincerely apologize for any difficulties you may be caused. Thank you for continuing to shop at our stores and for your years of loyal patronage.

Respectfully,

Carol Meyrowitz
President and Chief Executive Officer

Those affected may seek some perverse comfort that TJX may face significant penalties under the PCI Data Security Standard.

It will be interesting (but certainly not remedial in any way) to see what the Privacy Commissioner concludes about this investigation.

No comments: