T.J. Maxx Update : 45.7 milions compromised credit cards

Security Incidents : T.J. Maxx Update : 45.7 milions compromised credit cards

Posted by Max on 2007/4/2 17:17:53 (1798 reads)

For the first time since unveiling the security breach more than two months ago, TJX put a number on how much card data was compromised : 45.7 milions - and it's a number TJX Cos. admits could go still higher.

"It's not clear when data was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was," declared Deepak Taneja, chief executive of Aveksa, a Waltham, Mass.-based information security company.

The case has forced banks to reissue cards to customers as a safety measure against further fraud beyond cases detected as far away as Sweden and Hong Kong, according to the Massachussets Bankers Association, which is tracking fraud reports linked to Framingham, Mass.-based TJX, parent company of stores across North America and the United Kingdom.

The only arrests believed tied to the case involve a gift card scam in which 10 people are suspected of buying data from the TJX hackers to pay for Wal-Mart gift cards in northern Florida. The group - who aren't believed to have hacked TJX - then used the cards to buy $1 million worth of electronics and jewelry at Wal-Mart's Sam's Club stores, according to Gainesville, Fla., police.

Information from 45.7 million cards was stolen from transactions beginning in January 2003 and ending Nov. 23 of that year, TJX said in the filing with the Securities and Exchange Commission after business hours Wednesday. TJX did not estimate the number of cards from which information was stolen for transactions occurring from Nov. 24, 2003, to June 28, 2004.

TJX said about three-quarters of the 45.7 million cards had either expired at the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. Starting in September 2003, TJX began masking the codes by storing them in computers as asterisks rather than numbers, the company said.

The filing also said another 455,000 customers who returned products with no receipts had their data stolen, including driver's license numbers.

Previous article - Next article

Other articles
2009/7/1 13:22:13 - Ultimate Firewall : Location Aware WLAN Firewall by Trapeze Networks
2009/6/28 16:04:09 - New Panda 2010 Ultra-Ligh Security Products
2009/6/24 17:08:30 - Red Condor's Spam Trip Wire Detects a New Computer Virus
2009/6/22 4:32:25 - Finjan's Research Unveils Botnet Trading Platform for Hacked PCs
2009/6/22 4:23:14 - Panda GateDefender Integra Delivers 'Plug and Protect' UTM Security Appliance
2009/6/16 15:42:26 - SanDisk Cruzer Enterprise Wins 2009 Product Innovation Award
2009/6/9 9:02:20 - Weekly $100 Sweepstake Launched By BestSecurityTips.com
2009/6/8 11:29:49 - Paretologic Released a New Free Online Malware Scan
2009/6/8 11:13:17 - New Release of Djigzo Open Source Email Encryption Gateway
2009/5/31 17:27:39 - New BitDefender Online Scanner Released

The comments are owned by the poster. We aren't responsible for their content.