It’s a good time to be a cybercriminal. There are more victims to target, there is more data to steal, and there is more money to be made from doing so than ever before.
It would seem to follow, then, that there’s been very little progress since 2007, when hackers stole at least 45.6 million credit-card numbers from the servers of TJX, the owner of TJ Maxx and Marshalls, catapulting the now-commonplace narrative of the massive data breach to national prominence.
But the truth is that the forces of cyber law and order have made lots of headway in the past decade. There are still large-scale data breaches, but credit-card companies are getting better at detecting them early and replacing customers’ cards as needed, payment networks are pushing microchip-enabled cards that render transaction data worthless to criminals, and law enforcement has gotten smarter and savvier. Just ask Albert Gonzalez, who masterminded the TJX breach and is currently serving a 20-year prison sentence.