Hacking brings Identity Theft to Forefront

When computer hackers stole credit card information from thousands of BJ's Wholesale customers in 2004, they used names, addresses and account numbers to make duplicate cards and buy millions of dollars worth of goods in other people's names. Just as state laws aimed at protecting customers from similar identity thefts were about to take effect last month, thousands of customers of T.J. Maxx and other stores owned by the Massachusetts-based TJX Companies learned their personal information had been stolen by hackers who tapped a customer database.

State banking leaders and company officials do not yet know the extent of the TJX data breach - including how much information was stolen, how it was done or what it is being used for - but industry analysts and lawmakers wonder whether enough is being done to protect customers' private information.

"Somebody needs to look at why retailers are storing this information and whether it's okay for them to do that," said Gerald Little, president of the New Hampshire Bankers Association. "Clearly, we had the BJ's situation. Now we have TJX. There's a weak link there."