By Tim Gray E-Commerce Times Part of the ECT News Network
03/29/07 1:31 PM PT
TJX this week revealed that its May 2006 data breach compromised at least 45.7 million customer credit and debit cards over the course of several years. Another 455,000 customers who returned merchandise without receipts had their personal data stolen, including driver's license numbers, the company stated, adding that the breach could be as far-reaching as the UK and Ireland.
Think you have to compromise on security to save on costs? Think Again. Trend Micro™ Enterprise Security, powered by the Trend Micro Smart Protection Network™, can lower your content security management costs by up to 40%. Find out just how much you’ll save with our TCO Impact Calculator.
Computer hackers swiped information from at least 45.7 million credit and debit cards of discount retailing giant TJX customers over the course of several years, the company confirmed this week.
TJX, the parent company of Marshalls, T.J. Maxx and several other national retail chains, first reported in January that hackers had breached a system that handles its credit card, debit card and check transactions in the United States and Puerto Rico.
Although officials from the Framingham, Mass.-based retail firm did not initially say how many customers had their data stolen by the computer hackers, the company did confirm the breach happened in May 2006 and involved credit card information dating back to 2003.
Government Filings
It was not until this week's filing with the Securities and Exchange Commission that consumers were provided the first detailed accounts of the extent of the breach.
In addition, another 455,000 customers who returned merchandise without receipts had their personal data stolen, including driver's license numbers, the company stated, adding that the breach could be as far-reaching as the United Kingdom and Ireland.
Just last week, police charged six people with using credit card numbers stolen from a TJX database to buy about US$1 million in merchandise with gift cards.
Across the Country
About three-quarters of the stolen cards had either already expired at the time of the theft, or data from their magnetic strips had been masked, according to TJX, which owns of about 2,500 stores.
However, the extent of the damage may never be known because many of the files had been deleted by TJX in the normal course of business, the company stated.
TJX stores accept the major credit card brands, including Visa, MasterCard, American Express and Discover.
Visa in January said it provided information about the affected accounts to the banks that issued its cards so they could take steps to protect their consumers. Visa also noted that consumers are not responsible for any fraudulent purchases.
Online Problems
Although TJX is unsure how the hackers gained access to its system, the increase of personal data being moved online has also increased the risk of losing personal information.
"In recent years, the list of companies and organizations reporting breaches has increased dramatically," Rob Ayoub, an industry manager of network security at research firm Frost & Sullivan, told the E-Commerce Times.
Reports of attacks on personal data are likely just skimming the surface of what is actually happening, he added.
Over the past few years, there have been a number of large-scale breaches, including the disappearance of backup tapes containing the Bank of America (NYSE: BAC) credit card information of 1.2 million federal workers and the theft of more than 300,000 customers' personal information at data broker LexisNexis.
Online Problems
Nevertheless, it isn't always big business that hackers are focusing on. A number of large universities also have been the victims of theft.
The seeming increase in incidents of data and identity theft is likely a combination of factors, including greater awareness of the issues and stiffer penalties for companies that do not readily disclose the breaches, Ayoub concluded.
TraceSecurity CTO Jim Stickley: Robbing Banks With Impunity March 28, 2007
TraceSecurity is a security-compliance firm that assists financial institutions with protecting their customer's personally identifiable information -- sometimes by attempting to break into their networks. "A few years ago this type of service was much like trying to sell ice to Eskimos," said CTO Jim Stickley. "Now people call us. They realize the need for security."
Related Stories
Related News Alerts
More by Tim Gray
Blockbuster Lowers Subscriptions Rates June 13, 2007
Blockbuster will now offer a new plan allowing customers to place online orders to rent three movies at a time for $16.99, a dollar less than its previous top-tiered offering, called Total Access. The movies are mailed to the customer. Blockbuster is losing money on the online business but says it will be profitable next year as orders rise.
Toshiba Slashes HD DVD Sales Targets June 12, 2007
Toshiba now expects to sell 44 percent fewer HD DVD players than forecast this year. The slump comes at a critical time for the company, as the market still has not shown which high definition disc player format will dominate. Blu-ray Disc technology, rival of the HD DVD format, already has a foothold in 170 major companies.
Jobs: We Also Make Computers June 12, 2007
Apple provided at its annual developer conference a peek at some of the 300 new features of "Leopard," the company's latest operating system, which is slated for October release. The computer maker will also make its Safari Web browser available for users of Microsoft's Windows operating system.
Headline Feeds
chains, first reported in January that hackers had breached a system that handles its credit card, debit card and check transactions in the United States and Puerto Rico.
Talkback: 
