Between 20% and 30% of all New Englanders may have been affected by the recently disclosed data breach at Massachusetts-based retailer TJX Companies, according to the New Hampshire Bankers Association (NHBA).
That estimate is based on feedback the association has received so far from discussions with its 33 member banks, according to Jerry Little, president of the NHBA.
So far, 11 banks have reported being contacted by credit card companies about compromised card use, says Little. But indications are that all of NHBA’s members have been affected by the breach, he says. The association has sent a survey to all its members and will have a better estimate of the financial fallout by early next week.
The banks that have reported in so far “have had significant compromises,” Little says.
It’s been a more difficult to get a handle on the extent to which the compromised cards are being used in fraudulent transactions, he says. But a few of the banks have reported fraudulent use of cards that are on the list of cards compromised in the TJX breach, and in some cases, the fraud appears to have been going on even before the breach was disclosed by TJX last week, says Little.
It is still too early to say what the NHBA’s response will be to the incident, Little says. But the group is considering options that include legal action against TJX and a push for legislative reform that would hold breached entities financially liable for the costs associated with blocking and reissuing cards, he said.
Typically, a bank spends between US$5 (NZ$7.20) and $15 to replace a single card, which for a small bank can be quite steep, he says. A compliance process exists where banks can request at least a partial reimbursement from the acquiring bank — the bank that grants merchants the approval they need to accept credit cards. “I know of a number of institutions that have made these types of filings in the past, and they say they have never received a penny,” Little says.