The issue hit the headlines last January when TJX Cos. Inc., the parent company of TJ Maxx and Marshalls, revealed an intrusion into its computer systems that ultimately affected an estimated 45.7 million accounts for customers in the U.S., Canada, Puerto Rico, the United Kingdom and Ireland. Other retailers, such as Polo Ralph Lauren, Victoria's Secret and DSW Shoe Warehouse, have also suffered security breaches in recent years. Polo customers' credit card information stolen in 2005 was found in the hands of European cyber thieves as recently as this past summer.
While retailers that had breaches have fixed the problem, the issue continues to bubble up. Most recently, "60 Minutes" late last month aired a segment that claimed retailers aren't doing enough to safeguard customer data — which ran just in time for the key holiday shopping season.
Industry observers said the show was fair and accurate in its main points, but one example might have led the public to think the problem is actually worse than it is. Specifically, the program might have caused the typical viewer to confuse credit card theft with identity theft and left viewers with the impression they are more vulnerable than they actually are when using a credit card in a brick-and-mortar store. A segment showing how criminals auction stolen information online used an example of data that was most likely stolen from a bank rather than a retailer. In reality, it would be impossible for data thieves attacking only a retailer to get their hands on a customer's Social Security number, mother's maiden name and ATM card and pin numbers. Typically, they would get only credit card numbers, addresses and cardholder names because that is all retailers collect.
Nonetheless, security lapses, both in retail stores and elsewhere, are on the rise and becoming a major public concern. Since September, Home Depot, Gap, Blockbuster and Art.com have reported hacking or other incidents that put personal data at risk.
Recent lapses at government agencies have added to the sense the data security problem is out of control. In the United Kingdom, personal data on 25 million people — nearly half the population — was put at risk for fraud when two government disks containing unencrypted data on recipients of child benefits went missing in the mail. Also last month, Social Security numbers for 185,000 U.S. military veterans were put at risk by the U.S. Department of Veterans Affairs. This incident followed the 2006 debacle when personal information on 26.5 million veterans was compromised.