The Green Sheet Online Edition
February 11, 2008 • Issue 08:02:01
Uh oh, where'd Penney's data go?
One year after the infamous TJX Companies Inc. data breach came to light, J.C. Penney Co. Inc. joined the list of retailers whose customer data has been mishandled. Personal information from an estimated 650,000 J.C. Penney and 100 other retail store customers is unaccounted for.
GE Money, part of General Electric Capital Corp., stated a computer tape went missing in October 2007 from a warehouse run by data storage company Iron Mountain Inc. GE Money, which handles J.C. Penney's and other national retailers' credit card operations, uses Iron Mountain's services to store its data. Along with credit card information, 150,000 Social Security numbers are estimated to be on that tape.
According to GE Money spokesman Richard C. Jones, there is no evidence of fraudulent activity on the accounts involved. And there is "no indication of theft or anything of that sort." He noted that the tape was constructed to make unauthorized access extremely difficult, even for experts or those with specialized technology.
Dan O'Neill, spokesman for Iron Mountain, said the company has "occasionally made mistakes" because of the high volume of information stored and that it regrets losing the tape. However, Iron Mountain said the tape could still be in the warehouse.
"We believe this is an unfortunate case of misplaced tape," Iron Mountain said in a statement. "There has been no evidence to suggest that the media was obtained by unauthorized persons or has been misused in anyway."
As a precaution, GE Money has been notifying consumers of the possible breach since December. Consumers have received letters, telling them to phone a call center for further information. GE Money expects all notifications will be completed by the end of January.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.