No identity thefts yet in Canada, but many cases happening in United States 

Officials at Royal Bank of Canada (RBC), Bank of Montreal (BMO), and TD Bank/Canada Trust all indicated no cases of fraud stemming from the security breach at Massachusetts-based TJX Company Inc. A Visa spokesperson in Canada also said she has not seen any ID thefts arising from the case.

This is great news for an unspecified number of Canadians, who have their financial identities at risk after TJX announced last Friday that the multinational company had "suffered an unauthorized intrusion into our computer systems that process and store information related to customer transactions."

TJX founder and acting Chairman of the Board Ben Cammarata added: "While there is much we still have yet to understand about this issue, I can assure you that we are taking steps to safeguard confidential information and working closely with law enforcement in the U.S., Canada and UK so that those responsible for this act will be brought to justice."

To their credit TJX appears to be taking steps to help consumers protect their credit and debit card information with a wide variety of online credit information and toll-free help lines in each country affected - Canada (866-903-1408), United States of America (866-484-6978), Great Britain (0800 779015) and Republic of Ireland (00 44 800 779015).

The company is even considering offering free credit monitoring services to anyone affected by the hacker violation. (Just to be safe, you might consider contacting Equifax Canada or TransUnion Canada for your online Canadian credit report).

 Consumers angry with the delay in reporting identity thefts

However, many Canadian, American and British consumers are angry with the length of time it took to be notified about the hacking.

One Ontario woman explained that she had decided to cancel her MasterCard but was holding off on doing the same with her Visa credit card. "We always monitor our statements very closely when they come in anyway. And we will certainly continuing to do so," she said, preferring to remain anonymous.

She was unhappy with the way TJX had handled the disclosure. "The thing is, it has taken them a month to come forward and inform people" who shop at Winners fashion stores and Home Sense household stores.

TJX also operates more than 2500 stores in the USA under the chains TJ Maxx, Marshalls, Homegoods, Shoppers' World and Bob's stores. The first fraud victims are now coming forward.

"I was appalled.  It just seams like incompetence all around.  There's no need of that.  You know, somebody's not paying attention," said an unnamed consumer. "I still think that they waited for the Christmas shopping period would be over with before they told people about it."

So far in New England alone, banks have found some $200,000 compromised credit and debit card accounts.  That number will likely skyrocket when larger banks like Bank of America report the results of their own investigations to the state.

"We're reaching out to consumers and telling them, you need to be extra vigilant now because we now know that fraud is occurring," said Bruce Spitzer, Massachusetts Bankers Association.

No need to panic say Visa and MasterCard spokespeople 

Officials for Visa and MasterCard Canada said that consumers are protected if they are the victims of credit card fraud. They advised cardholders to watch their statements carefully and notify the toll-free numbers if suspicious transactions show up.

"Visa Canada and Visa USA are working with law enforcement and the TJX Companies, Inc. to investigate a compromise of card account information from the retailer's system. All major card brands accepted by the retailer are affected by the compromise," a statement issued by Visa said.

"Visa is providing the affected accounts to financial institutions so they can take steps to protect consumers. In addition, Visa issuers are using neural networks and risk-scoring tools to distinguish fraudulent transactions from legitimate ones."

Visa Canada spokeswoman Tania Freedman said the company couldn't comment in details, citing ongoing police investigations in Canada and the United States of America.

MasterCard's Jennifer Reed said cardholders should contact the bank, trust company or other financial institutions. "But I think it's important for consumers to go about their daily business and not get into a panic over this," Reed said.

"We continue to work with our issuers to ensure that they're monitoring for suspicious activities and take the necessary steps to protect cardholders. "It's important for consumers to know that the issuing banks are monitoring transactions on a daily basis, throughout the year, to ensure the safety of the system."

Consumer watchdog wants federal legislation now to better protect Canadians 

However, at least one consumer watchdog organization wants federal politicians to do more to protect Canadians.

Two weeks ago, a group affiliated with the University of Ottawa called on the federal government to enact a law that requires organizations to notify individuals when their personal information may have been stolen due to a security breach.

A report by Philippa Lawson, a longtime consumer advocate now at the university's Canadian Internet Policy and Public Interest Clinic, says that individuals may be "unwitting victims" if they're not notified when there's a security breach.

"Yet organizations, especially those in competitive markets, have little incentive to disclose their security failures voluntarily, given the costs and the damage this can do to their reputation," says a CIPPIC research paper released Jan. 9.

CIPPIC argues that the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and similar laws in Alberta, British Columbia and Quebec could be amended to make such notification mandatory and set out guidelines for doing so.

Lawson believes that massive identity thefts like the TJX breach could provide a push for Canadian politicians to act.

"Legislators usually want to see evidence of a problem before they act on it, and this is just one more example of a serious security breach that exposes many Canadians to a serious risk of identity theft and related fraud," Lawson said.

She added that a House of Commons committee that is reviewing the federal act seemed interested in CIPPIC's proposal for a notification requirement at hearings last fall. "I think there's a good chance that it will go through, because it makes so much sense," Lawson said.