The number of accounts compromised by the security breach at TJX Cos. is far larger than the 45 million reported in recent months, according to banks that are suing the retail giant.
The Boston Globe reported Wednesday that more than 94 million accounts were compromised in the breach, according to court documents filed by the banking group suing TJX. That number includes 65 million Visa account numbers and 29 million MasterCard numbers. The banks are suing the Framingham, Mass.-based retailer for the staggering cost of issuing new credit cards to those affected by the breach.
In a report issued last month by Canadian privacy officials, TJX was criticized for collecting far too much consumer data for far too long while failing to upgrade its Wi-Fi security to the stronger WPA encryption protocol.
At the time of the breach, TJX was using the Wired Equivalent Privacy (WEP) encryption protocol, an older security standard. Wi-Fi Protected Access (WPA) replaces the original WEP security standard. It is compatible with the latest standard, IEEE 802.11i, referred to as WPA2.
TJX has maintained that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate its network. The attackers began their assault on TJX by exploiting Wi-Fi weaknesses. The Canadian officials said Tuesday that the point of entry for the attackers was two Marshals stores in Miami.