The TJX
group of cut price clothing outlets has said its recently reported
data breach was more widespread and customers of the TK Maxx
subsidiary in the UK and Ireland are now more greatly at
risk.
The firm had previously reported in January that it was
concerned that TK Maxx customer transactions in the UK and
Ireland could be involved. TJX’s investigation has now found
evidence of an intrusion to the portion of its computer system that
processes TK Maxx customer transactions.
While TJX continues to suspect that customer information may
have been compromised from this portion of its network, the company
has not been able to confirm any unauthorised access to customer
data or any theft of customer data from TK Maxx.
In addition, while the company previously believed that the
intrusion took place only from May 2006 to January 2007, TJX now
believes its computer system was also intruded upon in July 2005
and on various subsequent dates in 2005.
TJX said it continues to believe there was no compromise of
customer data after mid-December 2006.
In addition to the customer data the company previously reported
as compromised, the firm now believes that information regarding
portions of the credit and debit card transactions at its US,
Puerto Rican and Canadian stores from January 2003 through to June
2004 was compromised.
The company had previously reported that the 2003 transaction
data had potentially been accessed. For most of the transactions
from September 2003 through to June 2004, some of the card
information was masked at the time of the transaction, making that
portion unavailable to the intruder.
Related article:
TJ Maxx faces lawsuit over data breach
David Lacey’s security blog
The latest
ideas, best practices, and business issues associated with managing
security
Comment on this article:
computer.weekly@rbi.co.uk