Enabling Secure Business Operations

Notification Protocols

I hope everyone remembers the TJX compromise in January. Well, I received a letter from my bank yesterday telling me that my debit card was one of the numbers compromised.

Let’s see the general timeline here:
July 2005-December 2006: compromised time (estimated)
December 2006: I buy some Christmas gifts at TJ Maxx using my debit card (as a credit card)
January 2007: First public notification that something’s wrong
January 2007: Some consumers are notified
February 2007: Public notification that the compromise might include more cards than initially thought
March 2007: TJX releases more details
June 21, 2007: I’m notified of the potential compromise of my data

My bank took 6 months to notify me that my information was compromised.

I received a letter in the mail telling me that my number was compromised as a part of the TJX compromise, and that the bank had been monitoring it, and there were no fraudulent activities, but could I change my pin number just in case?

So, I’m thinking here, that 1) I know I didn’t use the card as a debit card (I only do that at the grocery when I need cash), and 2) WTH didn’t they tell me back in January or even February?!?!?

I called up the bank, changed my pin, and demanded that a new card be issued. They really didn’t want to issue me a new card at first. I explained to them that I know I didn’t use my pin for the purchase, and I was more concerned about the card number than the pin number. They finally agreed to issue me a new card, but didn’t cancel my old one until I activate the new one (WTF?).

I gave an earful to the rep about why I wasn’t notified back in January or February. I was polite, but definitely forceful, and I think I made the poor guy feel bad. He started to say “sorry, we should have”, but then interrupted himself and issued my new card.

Normally, I’m very happy with my bank from a security perspective, but this really upset me. Not enough to consider moving elsewhere, but enough that I composed and sent a polite “nastygram” to their security and privacy departments.


One Response to “Notification Protocols”

  1. The Doctor Says:

    I was caught in the same screw-up at the bank. I was notified that my card info was compromised a few days before you were, if I recall correctly. They were nice enough to cancel my cheque card/debit card immediately… which left me without any way of accessing my bank account save writing cheques out by hand.

    It’s amazing how reliant American society has become on those cards because they are rapidly forgetting what cheques are.