Thursday, March 29, 2007

Massive theft of credit card data at TJX in US and UK

As the Boston Globe reports in its online edition today, retail firm TJX Companies, Inc. has been the subject of a hacker attack that has resulted in the biggest theft of credit and debit card numbers ever.

TJX operates around 2500 stores and owns T.J. Maxx, Marshall's and A.J. Wright in the United States as well as Winners in Canada and T.K. Maxx in the UK and Ireland.

As the firm disclosed in a regulatory filing to the SEC yesterday, the hacker(s) had been active since 2005 in its system. It was only in December 2006 that the intrusion was detected and stopped. TJX estimates that at least 45.7 mio. credit and debit card numbers were compromised in computer systems at its headquarters in Framingham, Mass. and Watford (UK). An apologetic letter from the company's CEO on its website dates from February 21 and gives information on contact numbers and recommended steps for customers. It als says that it is sending letters to the estimated 455,000 customers whose driver's license numbers, state identification numbers, or military identification numbers and names and addresses were believed to have been stolen.

Technorati Tags: ,

Wednesday, March 28, 2007

Further evidence of privacy and surveillance debate moving up the agenda in the UK

The British Royal Academy of Engineering (self description: "we bring together the country’s most eminent engineers from all disciplines to promote excellence in the science, art and practice of engineering") has just published an extensive report on "Dilemmas of Privacy and Surveillance" (available as a pdf file here).

The 64 page report, drawn up by 12 strong working group over the course of the last year (which included my colleague Bill Dutton from the Oxford Internet Institute), puts the focus on the ambiguities of the technological developments rather than predicting either Utopia or Dystopia. But rather than having to choose between liberty and security, the report argues "that, with the right engineering solutions, we can have both increased privacy and more security." And, of course: "Engineers have a key role in achieving the right balance." Who would have thought that, coming from this source ;-)

But more seriously again, the report gives a serious and balanced discussion, and lots of information on topics such as CCTV, loyalty cards, mobile phones, but also technology to protect privacy. Concluding with 10 recommendations (which include a call for increased powers for the Information Commissioner and for technology to be designed with privacy protection in mind), it is well placed to inform public debate on the topic in the UK.

As I argued previously in this blog (see here and here), we can see a broadening of the political and societal debate around privacy and surveillance in the United Kingdom in the last months, and this report is further evidence of it.

Technorati Tags: , ,