Fine print, Protecting yourself, Shopping

Largest credit card scam uncovers retailer culpability

Julie Sherrier

As reported around the world and here at, the latest — and biggest — identity theft scam in U.S. history was disclosed last week, revealing that more than 40 million credit and debit card numbers were stolen from nine U.S. retailers. What is frightening is the fact that only four of the nine affected retailers notified customers of the security breach and the others, well, either they won’t tell or they claim that the breach was never confirmed.

I read with interest about the credit card data breach at TJX Companies, which includes TJMaxx and Marshall stores, especially since I frequent TJMaxx more than I would like to admit. As a result of the media coverage, I made a concerted effort to check my financial records often for any suspect activity. Luckily, I have been unscathed.

But when I heard that credit card data from
Barnes & Noble, OfficeMax, Boston Market, SportsAuthority and Forever 21 was also stolen, I was confused. Why didn’t I hear about those stores as well? As a frequent customer of several of those retail outlets as well, the odds of my credit card number being one of the 40 million that were stolen increased dramatically.

According to a recent article in The Wall Street Journal, “Most states mandate that companies tell their customers when their credit card data is stolen from stores. The laws are designed to give consumers a chance to protect themselves against fraud or identity theft.” In fact, as the frequency of identity theft attacks has increased, more than 40 states now have laws that require companies to warn consumers as soon as possible when personal information is stolen. So, did these companies break those laws?

Boston Market, Forever 21, OfficeMax and Sports Authority officials are still digging their heels in, saying that they either had no knowledge of a breach or that there was no breach at all (despite federal authorities having alleged evidence to the contrary) or just refusing to answer the phone.

“Companies typically have made disclosures by letter, whenever possible, and through public announcements on their Web sites and in press releases to the media” whenever a data security breach affecting personal information occurs, reports the Journal. As a consumer, I don’t blame these companies for security lapses, but I do blame them for not notifying affected customers.

And just for the record, the other retailers who did do the right thing (beside TJX) are: BJ’s Wholesale Club, DSW shoes and Dave & Buster’s.

See related: Feds charge 11 in largest identity theft case in U.S. history, “Wardriving” in the era of overpriced gasoline

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • Anonymous

    Does anyone offer a business credit card for business without requiring a social security number of an individusal so that it goes on the buisness credit report not the individual’s report?

  • Barbara

    (Posting 1/27/12) My Capital One credit card recently began posting numerous fraudulent charges to my account from a Marshall’s Store out in Fresno, CA. – (3 charges for $100.00 each and one for $97.00) I am in the midst of disputing the charges with my credit card company however I would like to know if anyone else has experienced this type of activity resulting from Marshall’s. I suspect that my card was somehow compromised when I did do some shopping at a Marshall’s store in Dallas, TX during December of 2011. These fraudulent charges occured at a Marshall’s store out in Fresno, CA. I was in Oklahoma at the time nowhere near California.
    Thanks in advance for any replies.