By the way, the link within the body if the comment wasn’t even formatted right. Why don’t you learn how to use your spambot software correctly or just go find yourself a real job. McDonald’s may be hiring if you’re lucky.

Moron.

I did indeed check out the URL you posted and ended up over at Michael Janke’s blog where you guys had a good exchange.

I have to come down on Michael’s side on this one.

Aside from all the legal issues, which I certainly do not feel qualified to talk about with any authority, what personally irked me so much was that they were keeping credit card information stored in their systems for so long.

What would be the purpose of that? After a certain and reasonable amount of time, that type of information should be deleted instead of being left in a database somewhere waiting for some hacker to come scoop it up.

Certainly, it may need to be retained for a while in the event of a fraud investigation, and having been on the merchant side of a few “charge backs” myself, I know that they normally take two or perhaps three months before credit card fraud is discovered.

In my view, they had no reason to be retaining that kind of data for that long. Ass I believe I mentioned, my wife shopped at a TJX store during the time that the hackers were accessing TJX systems. Fortunately, we did not encounter any problems as a result but were issued new credit and debit cards by our credit union as a precaution.