The TJX group of cut price clothing outlets has said its recently reported data breach was more widespread and customers of the TK Maxx subsidiary in the UK and Ireland are now more greatly at risk.
The firm had previously reported in January that it was concerned that TK Maxx customer transactions in the UK and Ireland could be involved. TJX’s investigation has now found evidence of an intrusion to the portion of its computer system that processes TK Maxx customer transactions.
While TJX continues to suspect that customer information may have been compromised from this portion of its network, the company has not been able to confirm any unauthorised access to customer data or any theft of customer data from TK Maxx.
In addition, while the company previously believed that the intrusion took place only from May 2006 to January 2007, TJX now believes its computer system was also intruded upon in July 2005 and on various subsequent dates in 2005.
TJX said it continues to believe there was no compromise of customer data after mid-December 2006.
In addition to the customer data the company previously reported as compromised, the firm now believes that information regarding portions of the credit and debit card transactions at its US, Puerto Rican and Canadian stores from January 2003 through to June 2004 was compromised.
The company had previously reported that the 2003 transaction data had potentially been accessed. For most of the transactions from September 2003 through to June 2004, some of the card information was masked at the time of the transaction, making that portion unavailable to the intruder.
Related article: TJ Maxx faces lawsuit over data breach
David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security
Comment on this article: [email protected]