Slashdot Mirror


Unencrypted Lost Tape Affects 230 Retailers

Lucas123 tells us that a backup tape lost by Iron Mountain reportedly contains credit card information from 650,000 customers. The unencrypted tape also holds Social Security numbers for 150,000 customers. Quoting the Computerworld article: "Although J.C. Penney was the only company that Jones would confirm as affected by the missing tape, that retailer accounts for just a small percentage of all accounts that were compromised. In total, 230 retailers are affected by the breach. 'Clearly that number includes many of the national retail organizations,' he said."

3 of 75 comments

  1. Re:Social Security? by BosstonesOwn · Score: 2, Informative

    My Massachusetts license doesn't have my social security number.

    It was a known scam for some time to cause an accident on purpose (swoop and squat scam http://www.fbi.gov/page2/feb05/stagedauto021805.htm ) on a very nice vehicle perceived to have a high value. They would jot down your info including the license # which was your social security # and go on spending sprees with the victim's credit info, while also collecting from the insurance company.

    --
    This package Does Not Contain a Winner
  2. Re:Broken system by Anonymous Coward · Score: 1, Informative

    You really need to be able to authenticate yourself without handing over any secrets, i.e. by using some kind of protocol where you prove that you _have_ a secret (such as a CC# or SSN) without any requirement to reveal what it is.
    Sounds an awful lot like why public key cryptography was invented ...
  3. Re:Broken system by Peeteriz · Score: 2, Informative

    Chip-cards do it - for example the EMV (Europay-Mastercard-Visa) standard credit/debit cards - the card proves its 'realness' by being able to execute a cryptographic challenge-response, but not revealing (and thus, not allowing to copy) the secret key to anyone in the chain - not the merchant, not the POS terminal used, not the bank that processes the merchant's transaction (and still all these parties can and do verify that the transaction was signed by the billed card, and not injected by some middleman).
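
The challenge-response idea raised in the last two comments, as an added example that is not part of the original thread and is not EMV's actual message format: a card signs a fresh terminal nonce plus the amount, and the terminal verifies with the public key alone. Ed25519 from Go's standard library stands in for the card's algorithm, and the `Card`, `Terminal` and `Issue` names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Card holds the private key; Terminal holds only the public key (hypothetical types).
type Card struct{ priv ed25519.PrivateKey }
type Terminal struct{ pub ed25519.PublicKey }

// Issue makes a card and a terminal that knows its public key (assumed setup step).
func Issue() (Card, Terminal) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Card{priv}, Terminal{pub}
}

// message binds the terminal's nonce to the amount so neither can be swapped.
func message(nonce []byte, cents uint64) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, cents)
	return append(buf, nonce...)
}

// NewChallenge returns a fresh random nonce; one per transaction defeats replay.
func (t Terminal) NewChallenge() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Respond proves possession of the key by signing the challenge and amount.
func (c Card) Respond(n []byte, cents uint64) []byte { return ed25519.Sign(c.priv, message(n, cents)) }
// Verify checks a response using public data only; the secret never crosses the wire.
func (t Terminal) Verify(n []byte, cents uint64, sig []byte) bool { return ed25519.Verify(t.pub, message(n, cents), sig) }

func main() {
	card, term := Issue()
	n := term.NewChallenge()
	sig := card.Respond(n, 1999) // constructed sample amount, in cents
	fmt.Println("genuine:", term.Verify(n, 1999, sig), "replayed:", term.Verify(term.NewChallenge(), 1999, sig), "altered amount:", term.Verify(n, 999900, sig))
}
```

Unlike a card number or SSN stored on a backup tape, a captured response here is useless to whoever finds it, because it only verifies against the one nonce and amount it was produced for.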