Shostack + Friends Blog Archive


Visa says TJX Impacted 94 million accounts, $68MM+ in fraud

“Although TJX suggests that the breach only affected approximately 45.7 million accounts, in fact the breach during a period of 17 months affected more than 94 million separate accounts. To date, Visa has calculated the fraud losses experienced by issuers as a result of the breach to be between $68 million and $83 million on Visa accounts alone.”

Evan Schuman, quoting Visa’s Joseph Majka, in “TJX Breach More Than Twice As Bad As Had Been Reported .”

Would someone please page Willy Sutton?

5 comments on "Visa says TJX Impacted 94 million accounts, $68MM+ in fraud"

  • Pete says:

    I wonder how Visa could get to causation here. I don’t believe timing is considered anything other than potentially correlated… and over such a long time period, it would seem like many alternative sources would have popped up.

  • Blake says:

    I’m not very good at math, but I come up with between $.72 and $.88 per consumer. No wonder the public doesn’t care.

  • beri says:

    Blake, people will care when credit card interest rates go up to cover the losses to the credit card companies. there is no such thing as a free lunch. Someone, somewhere, will pay.

  • This has the potential to be an interesting case. Normally individual plaintiffs can’t get these things off the ground due to the difficulty in proving damages (see, e.g., here), but the banks seem to have done some homework in quantifying their injury. That isn’t to say they’ll win, but there is definitely the potential to make some interesting law.

  • Chris says:

    I’ve often wondered about the extent to which firms whose data has been exposed by others (for example, as is said to have occurred in the recent Gap case, or in the canonical “auditor left it in his rental car” scenario) have sued the custodian of the data (or threatened same and arrived at an agreement).

Comments are closed.