TJX profit takes hit over data breach

The massive security breach at TJX Companies that exposed more than 45 million customers to identity fraud is hitting the bottom line big-time, if the company's second-quarter earnings report is any indication.

The retail company acknowledged it has spent $256 million dealing with the breach, which was first disclosed in January. That's more than 10 times the $25 million figure TJX cited in May.

Data security breach: Survey: Data breaches difficult to spot, prevent: IT pros worry that false positives and a lack of resources are preventing them from blocking data breaches, according to a survey conducted by the Ponemon Institute. Black Hat 2007: New database forensics tool could aid data breach cases - Database security researcher, David Litchfield of UK-based NGS Software will release a free Forensic Examiners Database Scalpel, he says could aid data breach investigations. PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned.

TJX said the expenses went into battening down its computer system and responding to a growing list of investigations and lawsuits against it.

According to TJX's latest earnings report, costs related to the data theft in the second quarter bit into TJX's profit by $118 million. Still, TJX said, strong sales continued during the same period, which it cited as proof that customers are not walking away.

TJX has acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate its network. The company gave a tally of the damage in a regulatory filing with the Securities and Exchange Commission (SEC) in March, and also acknowledged that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information.

The attackers reportedly began their assault on TJX by exploiting Wi-Fi weaknesses at a Marshalls clothing store near St. Paul. Investigators believe the thieves aimed a telescope-shaped antenna at the store and used a laptop to snatch data transmitted between hand-held price-checking devices, cash registers and the store's computers. The exploit eventually led them into the central database of TJX, where they would repeatedly rob the system of sensitive customer data.