Data from 45.7 million cards stolen during hacker heist, TJX reveals


Financial and personal information from at least 45.7 million credit and debit cards was stolen by hackers, according to The TJX Companies Inc., the U.S. parent of Canadian retailers Winners and HomeSense.

The data stems from transactions beginning January 2003 and ending Nov. 23 of the same year, the Framingham, Mass.-based company revealed in a regulatory filing with the U.S. Securities and Exchange Commission last week.

TJX, which operates more than 2,300 stores globally, first announced the security breach and resultant theft in January, but did not at the time disclose the number of credit and debit cards that were compromised, saying it did not yet know the full extent of the breach.

When the theft occurred, the filing says, around three-quarters of the cards had already expired, or data from their magnetic strips was concealed. Replacing numbers with asterisks is a practice the company began in September 2003.

According to the filing, another 455,000 customers who returned merchandise without receipts had their personal information stolen, including driver’s license numbers.

TJX did not provide the number of stolen cards for transactions occurring from Nov. 24 to June 28 of 2004.

Although it didn’t discover the computer breach until about three months ago, the company says systems were first compromised in July 2005.

The company has not identified a culprit and does not know if the crime was committed by a single party or multiple parties, the filing says. However, it did say “we believe that the intruder had access to the decryption tool for the encryption software utilized by TJX.”

No customer financial and personal data has been stolen after Dec. 18 of last year, when the company hired IBM Corp. and General Dynamics Corp. to investigate the incident.

TJX faces an investigation by the Federal Trade Commission, as well as lawsuits from banks and individuals who claim it did not adequately protect private data, and did not disclose the theft in a timely manner.

The company is continuing its forensic investigation into the incident, and is beefing up its computer system security, the filing says.

Authorities arrested six individuals in Florida last week, suspected of carrying out a fraud scheme using credit card numbers stolen from TJX. According to law enforcement officials, the suspects aren’t the actual hackers; rather, they acquired the information from someone else.

The suspects bought large quantities of Wal-Mart gift cards using the stolen data, before redeeming the gift cards at other store locations.

The attack on TJX has made the company the biggest known victim of card fraud by hackers in history, according to industry observers.

TJX could not be reached for comment.

