Home > Security News > TJX data breach worse than initially feared
Security News:
EMAIL THIS LICENSING & REPRINTS

TJX data breach worse than initially feared

By Dennis Fisher, Executive Editor
21 Feb 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

After a month of investigation, officials at TJX Companies Inc. said Wednesday that the massive data breach the company disclosed in January is even worse than they originally thought.

Until now, the company believed that attackers had access to its network between May 2006 and January 2007. However, the ongoing investigation has turned up evidence that the thieves also were inside the network several other times, beginning in July 2005.

Officials also said that the scope of the data accessed in the attacks is larger than they had previously disclosed. TJX originally said the thieves had access to a "relatively small number" of drivers license numbers and customer names. Now, however, it turns out that number is larger than company officials thought last month, although they're not saying exactly how large.
Data breach:
How to survive a data breach

Complying with breach notification laws

Column: Federal government pushes full-disk encryption

Survey: Data breach costs surge

Data breach at Boeing exposes 382,000 employees

Hacker exploits UCLA database

Column: Schneier: Data breach at UCLA barely newsworthy

The company also disclosed that more credit card and debit card data was at risk. Customers who used their cards at the company's stores between January 2003 and June 2004 are now known to be at risk, as well.

TJX also discovered that the portion of its network that processes transactions at its stores in England and Ireland had been compromised, but they have not found any evidence that the crackers accessed customer data.

TJX officials emphasized that the investigation into the attacks is still ongoing and that more information on which data was accessed when could be forthcoming.

"Our investigation is ongoing and we are providing an update today on new developments. We are dedicating substantial resources to investigating and evaluating the intrusion, which, given the nature of the breach, the size and international scope of our operations, and the complexity of the way credit card transactions are processed, is, by necessity, taking time," said Carol Meyrowitz, president and CEO of TJX, based in Framingham, Mass. "We value our customers' trust and I want our customers to know that I am deeply committed to continuing to address the security of our computer systems."

The TJX breach first came to light in late January, although company officials had discovered it a month earlier. The company has been working with law enforcement agencies and security experts to assess the scope of the attacks and potential damage.

Sound Off! -   


Tags: Identity Theft and Data Security BreachesVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts