Retailer reports massive data breach

The TJX Companies, a large retailer that owns T.K. Maxx in the UK said yesterday it suffered a massive computer breach on a portion of its network handling credit card, debit card, cheque and merchandise transactions in the US and abroad.

Share

The TJX Companies, a large retailer that owns T.K. Maxx in the UK said yesterday it suffered a massive computer breach on a portion of its network handling credit card, debit card, cheque and merchandise transactions in the US and abroad.

The US company, which operates over 2,000 retails outlets under brands such as Bob's Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright, did not know the extent of the breach, which was first discovered in December. But transactions from T.K. Maxx in the UK and Ireland, along with other brands' customer data may have been exposed in the breach.

But hackers may have made off with credit and debit information from transactions in the US, Canada, and Puerto Rico in 2003 as well as transactions between May and December 2006, according to a company statement.

Banking officials say that the TJX breach is behind a recent warning by Visa to banks in Massachusetts, which have contacted customers in recent days and had to reissue thousands of ATM and debit cards. In the end, the hack may affect a wide range of credit card companies and thousands of consumers in the US, as well as the UK and Ireland, experts say.

TJX said it is working with suppliers IBM and General Dynamics to investigate the breach, which is believed to have occurred on computer systems that process and store information on customer transactions for a number of its brands.

TJX said it knows of "a limited number of credit card and debit card holders whose information was removed from the system," and has provided that information to credit card companies. TJX is also working with law enforcement, including the US Department of Justice, Secret Service, and Royal Canadian Mounted Police, TJX said in its statement.

The company said it does not yet have enough information to determine the extent of the breach or what other customer information may have been compromised, nor can it quantify the financial impact of the breach.

Find your next job with computerworld UK jobs