Computerworld reports that TJX Companies Inc. is offering three years of credit-monitoring services, as well as identity theft insurance coverage, to all consumers whose driver’s license or other personal data may have been compromised by the recent TJX data breach.

Consumers who had to replace their driver’s licenses because of the compromise will also be reimbursed for the actual replacement costs under a proposed consumer class-action settlement announced by TJX. Those whose driver’s license or other identification numbers were the same as their Social Security numbers will be reimbursed for “certain losses from identity theft,” the company said. Customers who had to change bank and credit card information because of the breach will receive vouchers redeemable in TJX stores.

The settlement is not yet final and is subject to court approval. It is also contingent on an independent evaluation of the information security enhancements implemented by the company in the wake of the breach.

“I think [TJX has] gotten off cheaply,” says Khalid Kark, an analyst at Forrester Research Inc. “My overall sense is that people aren’t really [as] concerned with these breaches as the media is. It seems like the reaction of the public is, ‘It’s not such a big deal.’ So people may be OK with this settlement.”

California may soon establish another precedent-setting data breach law, the Consumer Data Protection Act, following the state’s landmark 2003 measure that requires companies to publicly disclose breaches of their databases.

According to eWeek.com, the bill, which is awaiting Gov. Arnold Schwarzenegger’s signature, would require retailers responsible for lost data to reimburse banks and credit unions for breach notifications and credit card replacements. The financial institutions estimate it costs $12 to $15 each to notify consumers and mail them new cards. It would also prohibit retailers and other merchants that deal in credit card transactions from storing and retaining data taken from the cards’ magnetic strips.

In addition, the state’s notification requirements to consumers would be expanded to include the names of merchants who lost the data and the type of information potentially compromised by the breach. Merchants would not be liable for the reimbursement costs if they can prove they were in compliance with all state data security laws at the time of the breach.

According to Science Daily, Carnegie Mellon University computer scientists have created an interactive, online game, featuring a little fish named Phil, that teaches people to spot and avoid email “phishing” and other Internet scams.

Studies show that people who spent 15 minutes playing the Anti-Phishing Phil game were better able to spot fraudulent Web sites than people who spent the same amount of time reading anti-phishing tutorials or other online training materials. The game format of Anti-Phishing Phil proved particularly effective, improving the users’ accuracy from 69 percent prior to training to 87 percent after playing the game.

“We believe education is essential if people are to avoid being ripped off by these phishing attacks and similar online scams,” said Lorrie Cranor, associate research professor in the School of Computer Science’s Institute for Software Research and director of the CUPS Lab. “Unlike viruses or spyware, phishing attacks don’t exploit weaknesses in a computer’s hardware or software, but take advantage of the way people use their computers and their often-limited knowledge of the way computers work.”

Play the game online.

The Atlanta Journal-Constitution reports that Equifax, one of the top three credit reporting agencies, has announced that it will allow customers in the United States to freeze their credit reports.

This announcement came a day after TransUnion, another major credit agency, said that it will allow consumers to block their credit reports beginning Oct. 15. Freezes would be free of charge to identity theft victims.

After the TransUnion announcement, many large consumer rights groups encouraged the other two major credit bureaus, Equifax and Experian, to match or surpass TransUnion’s plan. Experian responded immediately. Equifax, which has been researching a freeze plan of its own, said it will have something in place next month.

Experian’s plan has yet to be outlined but it is expected to come soon. “Experian has been studying this matter for some time and is nearing the end of that process,” spokesman Donald A. Girard wrote in an e-mail Friday. “We expect to make an announcement on our decision in the near term.”

After years of fighting legislation, TransUnion, one of the three major credit bureaus, says it will allow individuals in all 50 states to freeze their credit. A credit freeze bars prevents the credit companies from issuing your credit history, the summary of loans and payments that forms the basis of your credit score. Because few lenders will issue credit without first seeing a credit score, putting a freeze on your information means identity thieves can’t use stolen Social Security numbers to fraudulently open new accounts.

TransUnion broke ranks with Experian and Equifax. USA TODAY reports that the three major credit bureaus have lobbied for two years to stop strong credit-freeze laws from being adopted at the federal and state levels. The bureaus disseminate credit histories used by lenders to issue credit cards, mortgages and other loans.

The service, which goes into effect Oct. 15, is a major victor for consumers, say consumer advocacy groups. “Consumers deserve the right to a low-cost security freeze that makes it easy to prevent crooks from opening fraudulent accounts,” says Gail Hillebrand, senior attorney for Consumers Union.