TJX Data Breach Occurred Over 45.7M Credit Cards

Computer attackers hacked and misappropriated information from no less than 45.7 million credit/debit cards belonging to customers of major retailing company TJX, over many years, confirmed the company in the end week of March 2007.

TJX made the security breach public on January 2007 but filed a report with the SEC on March 29, 2007.

Albeit Framingham, Mass.-based retailer's officials did not say early on about the number of customers who had suffered the hack, the company confirmed May 2006 as the time of the breach that stole credit card details of far back in 2003.

Only in the third week of last month police arrested six people involved with stolen credit cards from the TJX database to shop gift cards worth U.S. $1m.

Although according to TJX the validity of almost 75% of the cards had expired or had hidden identity with magnetic stripe data when the theft had occurred, the incident was historically the largest credit card theft. It also indicates what consequences companies face when they do not adequately secure cardholders' information.

While there were masking and encryption techniques in use by Framingham's system, the miscreants succeeded in pilfering credit card details during the process of transaction approval. In this process there is transmission of data to card issuers devoid of encryption, the filing said.

TJX stores allow payment from credit cards of only brands like Visa, American Express, Discover and MasterCard.

Visa said that in January 2007 it reported to the card issuing banks about the affected accounts to enable them to prepare for their customers' protection. Visa does not blame consumers for any deceptive purchases.

Over the past few years there had been a dramatic rise in the number of companies and organizations suffering breaches, told Rob Ayoub, a manager of network security at research firm Frost and Sullivan, to The E-Commerce Times. A number of breaches occurred on a large-scale, for instance the theft of back-up data of Bank of America credit card details of 1.2 million federal employees and the disappearance of personal information of 300,000 or more customers from databases of LexisNexis, a reputed data broker.

Related article: TCU Graduate Seeks Professional Help to Invade University Network

» SPAMfighter News - 4/4/2007