TJX lost up to 45.6m card numbers (Credit Card/Social Security)

Source: The Register

/snip ... TJX has taken the crown for presiding over the largest credit card heist ever, with a tally of 45.6m numbers lost to unknown thieves who intruded on the US-based retailing giant's networks over a span of 17 months. Personal information, often including social security numbers, for at least 451,000 was also lifted.

There's no reason to believe the theft stopped there. The intruders were able to conceal much of the contents they looted and in the regular course of business TJX administrators deleted many of the files believed stolen. Investigators may never know the true extent of the pilfering, TJX warned.


/snip ... At risk are credit and debit card numbers for customers of TJ Maxx, Marshalls, HomeGoods and AJ Wright stores in the US and Puerto Rico, customers of Winners and HomeSense stores in Canada and customers of TK Maxx stores in the UK.

Read more: http://www.theregister.co.uk/2007/03/29/tjx_credit-card_debacle/

---

Very important warning particularly for US Credit/Debit card users

Repeating the warning; Customers of

TJ Maxx, Marshalls, HomeGoods and AJ Wright stores

I don't think that there are any of those stores within several hundred miles of where I live.

Our bank (small and locally owned), notified us as soon as they found out, and sent us new cards with new numbers and a letter of explanation.

This was maybe two months ago.

this is an old story.

Total number of records containing sensitive personal information involved in security breaches -

150,228,731 (1/10/2005-3/29/2007)



http://www.privacyrights.org/ar/ChronDataBreaches.htm

How hard would it be to buy-off a disgruntled insider to help access all that info?

And those bastids sat on that tidbit for months before telling anybody!!!

And now this!! More frigging bad news for regular people!

I meant to post this this morning but got involved in the Gonzo/Sampson - US Attn. hearings.

Thanks for posting the article and the reminder. Now I'll have a chance to read it. ;)

Two credit cards, and my debit card. Of course, all of this happened when I was traveling for work, so it was a real inconvenience. But at least they didn't get my personal information. it could have been worse.

http://www.privacyrights.org/ar/ChronDataBreaches.htm

Jan. 17, 2007 TJ stores (TJX), including TJMaxx, Marshalls, Winners, HomeSense, AJWright, TKMaxx, and possibly Bob's Stores in U.S. & Puerto Rico -- Winners and HomeGoods stores in Canada -- and possibly TKMaxx stores in UK and Ireland
(Framingham, Mass.)

U.S.: Call (866) 484-6978
Canada: (866) 903-1408
U.K. & Ireland: 0800 77 90 15
www.tjx.com


The TJX Companies Inc.experienced an "unauthorized intrusion" into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is "the leading off-price retailer of apparel and home fashions in the U.S. and worldwide."


UPDATE (2/22/07): TJX said that while it first thought the intrusion took place from May 2006 to January 2007, it now thinks its computer system was also hacked in July 2005 and on "various subsequent dates" that year.


UPDATE (3/21/07): Information stolen from TJX's systems was being used fraudulently in November 2006 in an $8 million gift card scheme, one month before TJX officials said they learned of the breach, according to Florida law enforcement officials.


UPDATE (3/29/07): The company reported in its SEC filing that 45.7 million credit and debit card numbers were hacked, along with 455,000 merchandise return records containing customers' driver's license numbers. Some data was encrypted, but apparently the key to decrypt the data was also compromised.


45,700,000 credit and debit card account numbers

455,000 merchandise return records containing customer names and driver's license numbers



Lots more at the link.