TJX data breach worse than initially feared

Dennis Fisher

After a month of investigation, officials at TJX Companies Inc. said Wednesday that the massive data breach the company disclosed in January is even worse than they originally thought.

Until now, the company believed that attackers had access to its network between May 2006 and January 2007. However, the ongoing investigation has turned up evidence that the thieves also were inside the network several other times, beginning in July 2005.

Officials also said that the scope of the data accessed in the attacks is larger than they had previously disclosed. TJX originally said the thieves had access to a "relatively small number" of drivers license numbers and customer names. Now, however, it turns out that number is larger than company officials thought last month, although they're not saying exactly how large.

Data breach:
How to survive a data breach

Complying with breach notification laws


Column: Federal government pushes full-disk encryption

Survey: Data breach costs surge

Data breach at Boeing exposes 382,000 employees


Hacker exploits UCLA database

Column: Schneier: Data breach at UCLA barely newsworthy

The company also disclosed that more credit card and debit card data was at risk. Customers who used their cards at the company's stores between January 2003 and June 2004 are now known to be at risk, as well.

TJX also discovered that the portion of its network that processes transactions at its stores in England and Ireland had been compromised, but they have not found any evidence that the crackers accessed customer data.

TJX officials emphasized that the investigation into the attacks is still ongoing and that more information on which data was accessed when could be forthcoming.

"Our investigation is ongoing and we are providing an update today on new developments. We are dedicating substantial resources to investigating and evaluating the intrusion, which, given the nature of the breach, the size and international scope of our operations, and the complexity of the way credit card transactions are processed, is, by necessity, taking time," said Carol Meyrowitz, president and CEO of TJX, based in Framingham, Mass. "We value our customers' trust and I want our customers to know that I am deeply committed to continuing to address the security of our computer systems."

The TJX breach first came to light in late January, although company officials had discovered it a month earlier. The company has been working with law enforcement agencies and security experts to assess the scope of the attacks and potential damage.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: