First Damage Report On The T.J. Maxx And Marshalls Security Breach

Security Incidents : First Damage Report On The T.J. Maxx And Marshalls Security Breach

Posted by Max on 2007/1/25 5:28:25 (1073 reads)

Client data stolen from TJX Cos. by computer hackers has been used to make illegal debit card and credit card acquisitions in the United States and abroad, the Massachusetts Bankers Association said Wednesday. The fraudulent purchases have been made in Florida, Georgia, and Louisiana, and overseas in Hong Kong and Sweden, the association declared.

Nearly 60 banks have reported they've been called by credit and debit card companies about compromised cards, the association said. The number is likely to increase because fewer than half of the association's 205 banks have reported to it on the issue.

"We expect that this is going to continue and the fraud may widen," said association spokesperson Bruce Spitzer. "This is just the first reports we have confirmed."

The state association's report of fraud is amongst the first in the country since TJX disclosed the breach last week. On Tuesday, the Vermont Bankers' Association said a bank it refused to name had been told by TJX that more than 1,600 of the bank's customers had their account numbers compromised.

Framingham-based TJX _ operator of T.J. Maxx and Marshalls discount stores, as well as HomeGoods and A.J. Wright in the U.S., Winners and HomeSense in Canada, and T.K. Maxx in Britain _ did not instantly return a call seeking comment Wednesday.

Last week, TJX said hackers had broken into a system that handles credit and debit card transactions, as well as checks and goods returns for customers in the U.S. and Puerto Rico and may involve customer accounts from the United Kingdom and Ireland.

The company said the stolen customer information included data from 2003 transactions, as well as information from mid-May 2006 through December, when the company discovered the breach. TJX has refused to say how many customers had their data stolen or accessed.

Avivah Litan, a data security analyst for Garter Inc., said it may be difficult for the company to determine the scope of the breach because the thieves had a lot of time to sell and circulate the information before the hack was discovered.

"They can't put a wall around it," she said. "That's what so disconcerting about it."

Credit card companies have noted that consumers are not responsible for fraudulent acquisitions. Spitzer said state banks are notifying customers about fraudulent purchases and reissuing cards in some cases.

Previous article - Next article

Other articles
2008/10/9 14:10:42 - Google Trends Used to Promote Fake Anti-Virus Software
2008/10/9 13:50:47 - Spam, Child Porn, Illegal Pharmaceuticals, and Stolen Data Make The Web Axis of Evil
2008/10/8 12:22:22 - New Anti-Phishing Service by BluePrint On National Cyber Security Awareness Month
2008/10/7 16:17:07 - Adware Released As Fake Antivirus Increases
2008/10/2 15:30:28 - Agnitum's Outpost Security Suite Pro Gains Another VB100% (on Windows Server 2008)
2008/10/2 15:21:49 - New FREE Security Tools From Verizon
2008/9/30 17:45:27 - SkyRecon Adds Anti-Virus Protection (AVP) to Its StormShield Security Suite
2008/9/30 17:32:11 - IdentitySecure, The New Identity Theft Protection Program from Affinion
2008/9/30 17:13:08 - Web Application Security Mythbusters by Cenzic Inc.
2008/9/30 17:03:58 - Disk Doctors Announces Support For The Hurricane IKE and Gustav victims

The comments are owned by the poster. We aren't responsible for their content.