Fraudsters have stolen over 45 million credit card numbers from a well known retailer’s database.
Hackers accessed the database of TJX (TKMaxx in the UK) several times over a period of 4 years and only stopped when suspicious software was discovered in December last year.
The company revealed details in January about suspected fraudulent activity accessing customer card numbers but has only now revealed the full extent of the theft.
Apparently customers’ names and addresses were not stored on the same systems as the card numbers, and it is not thought Pin numbers could have been compromised.
People that have shopped in TK Maxx in the UK can call a helpline number set up to answer questions and provide help in establishing if you are at risk but BBC news teams were on hold for over half an hour and failed to make contact.
The number to call in the UK is 0800 779015
For Republic of Ireland 00 44 800 779015
LETTER FROM TJX’S PRESIDENT AND CEO
February 21, 2007
To Our Valued Customers:
As TJX’s President and Chief Executive Officer, I want our customers to know how much I personally regret any difficulties you may experience as a result of the unauthorized intrusion into our computer systems. We are working with leading computer security firms to investigate the problem and enhance our computer security in order to protect our customers’ data. We are dedicating significant resources to evaluate the issue. Given the nature of the breach, the size and international scope of our operations and the complexity of the way credit card transactions are processed, the evaluation is, by necessity, taking time.
Since we learned of the probability of a breach in mid-December 2006, we have cooperated with law enforcement as well as with the banks and credit card companies that process our customer transactions. Further, we have established customer helplines in three countries and are making available a great deal of helpful information on our company websites.
We are committed to continue to address the situation and to provide periodic updates as we learn more. We have reported updated information in a press release which you will find below.
Additionally, I encourage you to access the information we are providing on this website to learn more about steps you can take to protect your credit and debit card information, or to contact our special customer helplines.
With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers should feel safe shopping in our stores. We value the trust our customers place in us and again, I’d like you to know that we sincerely apologize for any difficulties you may be caused. Thank you for continuing to shop at our stores and for your years of loyal patronage.
President and Chief Executive Officer
More information is available from http://www.tjx.com/tjx_message.html with details of stores affected and what information they believe was stolen.
TJX has also responded to FAQ’s such as:
What are you doing to make sure this doesn’t happen again?
“Since discovering the problem, we have strengthened the security of our computer systems. Leading computer security and incident response firms General Dynamics Corporation and IBM have assisted us in further securing our computer systems and implementing additional security. We are also continuing our investigation. ”
Is it safe to continue shopping in your stores?
“We believe customers should feel safe shopping in our stores. The steps we have taken to strengthen the security of our computer systems have been, we believe, appropriate to protect the safety of credit and debit card and other customer transactions in our stores. ”
According to BBC reports several people have been arrested for receiving stolen credit card information but TJX have also responded to:
Do you know who the intruder was?
We do not know who the intruder was, or if there were one or more intruders.
So far there does not appear to be any involvement in the investigation by UK police or other UK crime prevention/investigation organisation/department/body.