Montgomery Ward had a data breach. Hackers accessed the company’s data base and over fifty thousand (50,000) customers had their personal, confidential information compromised. Montgomery Ward compounded the problem by not informing their customers of this breach of security:

“NEW YORK (AP) — An old name in retail was hit by a modern scourge — a hack of its customers’ credit card numbers — but didn’t inform the consumers, revealing how data breaches might be heavily undercounted even with new notification laws.

At least 51,000 records were exposed in the breach at the parent company of Montgomery Ward…”

link: Wards didn’t tell consumers about credit card hack

Identity theft laws for notifying possible victims of a security breach vary from state to state. Lawyers for Montgomery Ward may argue that the legislation for the location of the security breach did not enjoin the company to notify their customers. Perhaps there is legal precedent or some other rationale for this behavior. Nevertheless, Montgomery Ward did not act to protect their customers. By not notifying their customers that they were exposed to financial risk, the company’s behaviour was reprehensible and irresponsible. Undoubtedly, lawsuits will follow and the lawyers for Montgomery Ward will have pending litigation concerning this matter.

The question that this raises is ‘how many other security breaches go unreported?’. This is a question that concerns every consumer who entrusts a merchant, every student who places confidence in an educational institution, every citizen who confers responsibility onto the government…

Without severe data breach laws and strict enforcement of that legislation, the hackers win. The ordinary citizen just does stand a chance.

Catherine Forsythe