Comments on: Hi-Tech Heist

How Hi-Tech Thieves Stole Millions Of Customer Financial Records

[mishtoon]

The more the people are scared and paranoid the easier to control them.

[ramman13876]

The real hacker may be the way you presented this story. Where was the interview with the credit card companies? I am a retailer who would love nothing more than to accept nothing but cash. The card companies reward card holders to use the card while keeping close to 3% of the purchase price. Then on top of this they require me to keep their customers data safe.

You story missed the point completly. The culprit is the card companies who increasingly encourage there card holders to swipe the card. The card companies are the folks making money on card usage not the retailers. The retailers are required to accept the card if they want to sell to customers.Like I said there isn''t a retailer out there who wouldn''t love to throw master and visa out the door.Last month my card expense was near $1000.00 for accepting cards. Maybe master and visa should take some of these profits and secure their customers numbers.

In closing ...you are correct about the problem but absolutly missed the boat completly as to who is at fault. Very dissapointing on your very sloppy coverage. You have to follow the profits.....credit card usage is an expense to the retailer.....only the card company profits from it''s use so they are responsible for keeping the cards usage safe.

[longlegga]

"I don%u2019t know why anybody who looks into would ever use a credit card, ever." "Because it%u2019s a lot more convenient than walking around with piles of cash in your pocket," Rasch explains.

ACTUALLY...the real reason people use credit cards is because they don''t have any money. Most of the population is in debt. They have no choice but to use the credit cards. Bankrupcy is up 8.7% this year....go figure!

[sillypetey]

I agree with ykolomiyets about this being fear mongering. Oh my god! I can see SSIDs! Hey look, Staples HotSpot! Staples is giving away my SS#!! Oh, a HotSpot is WiFi access for the public? And Staples is allowing me to use it for free? And it''s not related to their internal network? Shoot, there goes the credibility of "60 Minutes". I couldn''t even finish watching this story on TV after that (although I did read the full transcript online). One of my family members did finish watching it though, and is now afraid that everytime they use their CC their SS# will be attached. Thanks "60 Minutes" for having no reason to exist than to scare people. I feel they should have to put up a warning throughout the show that "this is merely entertainment and no facts were used in the making of this show. Any true facts leaked were accidental and in no way represent a fact on purpose." Although, it is scarier if you can spice it up with a couple facts just to make it believable. Like using real store names! If they had just made them up the store names like the bulk of the "facts" in the story, no one would have been frightened. At least I know now to never take a report from "60 Minutes" seriously. And with Anderson Cooper in this episode, he now loses credibility. I wonder what "60 Minutes" will do with the writers on strike. No one will be there to make things up. This show is as real as MTV''s "The Hills"!

[premierpos]

I watched this story in total disbelief. Not about the theft of the credit card numbers, but in the statements that Visa and MasterCard REQUIRE merchants to store the credit card number. This is so blantantly untrue. Encumpus from PremierPOS does not store a customer Credit Card number at any time. We receive a unique ID from the processor. The only information stored is the last four digits and the type of credit card. This is more than enough information to deal with charge backs. In fact to handle refunds we use the unique ID provided by the processor. There is nothing in our databases to compromise. So TJX is not stating the facts correctly or is ignorant of the actual requirements.

[mishtoon]

Where can we get a list of stores that protect our data?

[mishtoon]

For the show to be complete, 60 min should supply us with the name of the stores that SECURE our private information. CBS should offer this list as a service to the public. Otherwise it is just a another story to panic the already paranoid public.

[not_shocked]

Follow this link for info on Mosaic or Blurring sensitive info... I am in no way affiliated.

http://dheera.net/projects/blur.php

[not_shocked]

Tech-savvy people have been aware of war-driving techniques for at least 7 years now. This information should be old hat for a certified Network Administrator. However, "mosaic or blurring of sensitive data", of the variety provided during this broadcast, is a real and recent threat. Please keep your viewers up to date, and remove your security shortcomings before exposing others''. JM2c

[connita2]

The systems people of these companies should be aware and make the necesary steps to update security. And save the least information made mandatory

[cats_va]

Recently had a credit card sent to my by Citi CashReturns Card. Never order it so I called to inquire. Seems I had a Sears CC some years back and they some how got the rights to send me a card. What is MOST SCARY is that everyone I talked to from the call center employee, a supervisor and the executive assistant to the President can SEE and has ACCESS to my entire SS#. Citi does not encrypt the number. I asked to have the CC cancelled and requested my information be deleted from their files. The executive assistant said the Patriot Act does not allow them to do so. I guess anyone and everyone at Citi get my identity.

[ykolomiyets]

This is the dumbest case of fear mongering I''ve seen. Blaming WEP for insecure systems is like blaming locksmith for someone breaking in your house using copies of your keys when you don''t have an alarm system. The issue is overall security, which needs to be implemented throughout the organization, not simple encryption protocols on the store''s wireless systems. Majority of all compromises originate from inside of the organizations anyway, so external wireless security is irrelevant.Next time please invite a computer security expert, maybe someone who has a CISSP certification, on your show so they can explain you basic things like that. College kids who know how to use Kismet/KisMAC and how to crack WEP are not experts.

[ykolomiyets]

This is the dumbest case of fear mongering I''ve seen. Blaming WEP for insecure systems is like blaming locksmith for someone breaking in your house using copies of your keys when you don''t have an alarm system. The issue is overall security, which needs to be implemented throughout the organization, not simple encryption protocols on the store''s wireless systems. Majority of all compromises originate from inside of the organizations anyway, so external wireless security is irrelevant.Next time please invite a computer security expert, maybe someone who has a CISSP certification, on your show so they can explain you basic things like that. College kids who know how to use Kismet/KisMAC and how to crack WEP are not experts.

[arche4335]

I am not sure why they are telling people to upgrade to WPA instead of WEP. WPA is just as vulnerable to cracking as WEP. They are about 1-2 years behind on this story. WPA has already been cracked. They need to be more up too date on this issue. The story has told nothing new.

[big_kesh]

I really did enjoy the story. It was very informative. I have a concern about stores printing your complete credit card number on your receipt that is signed and kept in the store. Is this still acceptable and if not, who do I report these stores to? I shop at these stores often and I wouldn''t like for my information to be "leaked" out to hackers.