The TJX hack has been revealed as the biggest ever
breach of personal data.
US Securities Exchange Commission filings by the firm show that
45.7m credit and debit card numbers were stolen over a period of 18
months.
The scale of the hack means it passes the Cardsystems breach in
2005, which exposed more than 40 million credit cards.
Hackers are said to have planted unauthorised software on TJX's
computer network, to enable them to steal at least 100 files
containing data on millions of accounts from systems in Framingham,
Massachusetts and Watford in the UK.
TJX recently confirmed that customers of the TK Maxx chain in
the UK were at risk of fraud as a result of the hack.
It is also believed that the hackers were able to crack TJX’s
data encryption system, and also grab unencrypted data during the
retail payment process.
TJX said the hack had so far cost it $5m (£2.63m) to deal with,
although the losses are expected to go up steadily as the thieves
start to cash in.
Criminals are reported to have already used the stolen card
details to conduct fraud in several US states, along with Hong Kong
and Sweden.
TJX sued over non-disclosure of data theft details
Regulator offers clues on TJX security failings
Comment on this article:
computer.weekly@rbi.co.uk