Wired Magazine reports that J.C. Penney has lost its fight to remain anonymous keep details of a breach to its payment card network sealed.
The intrusions, by TJX hacker Albert Gonzalez and his overseas accomplices, occurred beginning in October 2007. J.C. Penney admits it was “wholly unaware” of the breach until the Secret Service told the company about it in May 2008, but now says with certitude that no identity or bank-card data was stolen in the breach it failed to detect.
J.C. Penney had argued it was entitled to protections under the 2004 Victims' Rights Act. According to spokeswoman Darcie Brossart:
“Because there was no reason to think that the hackers were successful, there was no need to alarm J.C. Penney customers,” says Brossart, “We believed we had a legitimate interest in not being linked to criminal activity that resulted in major thefts from other companies.”
So in court filings, J.C. Penney argued that it was entitled to anonymity under the 2004 Crime Victims’ Rights Act, a law intended to protect the “dignity and privacy” of victims. A federal judge on Friday ordered the company’s identity unsealed anyway, as well as that of a second breached company, clothing retailer Wet Seal.
Comments