We’ve all come to refer to the TJX data breach as the largest one in history, with an estimated 45.7 million credit card accounts exposed through a brech in the discount retaler’s wireless network. Some even place the number of affected acounts in the vicinity 94 million. Whichever the real number is, it is huge, scary and as it has happened over a significant period of time, it got plenty of coverage.

In the recovery process, they had to pay 40.9 million dollars to settle a lawsuit, but according to the Register TJX had created a 118 million fund to pay for breach-related damages in August 2007. 11 people were charged in relation with the data theft and some trials are still ongoing. The retailer has made an attempt to close this dark chapter for good by offering one-day 15 percent discounts in all its US and Canadian stores, as a token of their appreciation for the customers “for retaining their loyalty after it did such a bad job of retaining their records”.

Nice strategy to reward customers, build trust and boost sales at the same time! But I believe they need to implement all the cutting edge security toys in the market and make every new added layer of protection public to ease the minds of those affected.

It has recently  been discovered that the people behind the largest security breach in history, TJX, a heist affecting 46.5 million cards, have also breached US retailer Forever 21, lifting about 99,000 debit and credit cards.

As the Register reported, Forever 21 discolesed the breach on their site, letting everyone know they found out about the heist about a month ago from law enforcement officers. There where 9 specific dates when the payment card system was breached, spread from March 2004 to August 2007. The breach exposed card numbers and expiration dates, along with other details stored but not disclosed by Forever 21.

If you’re looking for the Forever 21 official statement, read the explanation on how to get to it on the Register, apparently it cannot be linked to… So much for transparency and caring more about your customers finding out and being protected than your image, which will be affected anyway…