Data Theft Believed to Be Biggest Hack

Business Law

A hacker or hackers stole data from at least 45.7 million credit and debit cards of shoppers at off-price retailers including T.J. Maxx and Marshalls in a case believed to be the largest such breach of consumer information.

For the first time since disclosing the theft more than two months ago, the parent company of nearly 2,500 discount stores put a number on how much card data was compromised _ and it's a number TJX Cos. acknowledges could go still higher.

Experts say TJX's disclosures in a regulatory filing late Wednesday revealed security holes that persist at many firms entrusted with consumer data: failure to promptly delete data on customer transactions, and to guard secrets about how such data is protected through encryption.

"It's not clear when information was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was," said Deepak Taneja, chief executive of Aveksa, a Waltham, Mass.-based firm that advises companies on information security.

The case has led banks to reissue cards to customers as a precaution against further fraud beyond cases detected as far away as Sweden and Hong Kong, according to the Massachussets Bankers Association, which is tracking fraud reports linked to Framingham, Mass.-based TJX, parent company of stores across North America and the United Kingdom.

The only arrests believed tied to the case involve a gift card scam in which 10 people are suspected of buying data from the TJX hackers to purchase Wal-Mart gift cards in northern Florida. The group _ who aren't believed to have committed the TJX hack _ then used the cards to buy $1 million worth of electronics and jewelry at Wal-Mart's Sam's Club stores, according to Gainesville, Fla., police.

Information from 45.7 million cards was stolen from transactions beginning in January 2003 and ending Nov. 23 of that year, TJX said in the filing with the Securities and Exchange Commission after business hours Wednesday. TJX did not estimate the number of cards from which information was stolen for transactions occurring from Nov. 24, 2003, to June 28, 2004.

TJX said about three-quarters of the 45.7 million cards had either expired at the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. Starting in September 2003, TJX began masking the codes by storing them in computers as asterisks rather than numbers, the company said.

The filing also said another 455,000 customers who returned merchandise without receipts had their data stolen, including driver's license numbers.

With at least 46 million consumer records accessed, the TJX case outranks the previous largest case tracked by the Privacy Rights Clearinghouse: a June 2005 disclosure by credit card processor CardSystems that hackers accessed accounts of 40 million card holders.

Related listings

  • Investors Continue to Challenge Dean Food

    Investors Continue to Challenge Dean Food

    Business Law 03/26/2007

    [##_1L|1206532251.jpg|width="90" height="119" alt=""|_##]Socially concerned investors for the second year in a row have filed a shareholder proposal asking Dean Foods Co. (NYSE: DF) to report to shareholders how it is responding to widespread concern...

  • Recall of pet food hits close to home

    Recall of pet food hits close to home

    Business Law 03/19/2007

    More than 60 million cans of dog and cat food sold under dozens of brand names were recalled on Saturday after being linked to the deaths of 10 animals.The food was manufactured by Menu Foods, of Streetsville, Ontario, which makes wet food sold as st...

  • Downtown Los Angeles Revival Going Strong

    Downtown Los Angeles Revival Going Strong

    Business Law 02/14/2007

    Downtown Los Angeles is undergoing a real estate revival of epic proportions. And the Los Angeles Urban Redevelopment Group and its people are in the thick of it. In just the last few years, the number of downtown residents has increased by over 30%,...

New York Commercial Litigation Law Firm - Woods Lonergan PLLC

Founded in 1993 by Managing Partner James F. Woods, Woods Lonergan PLLC has built a strong reputation as a resourceful and industrious firm that provides clients with clear, concise, and straightforward answers to their most challenging legal issues. Partner Lawrence R. Lonergan, who joined the firm in 2008, has been a friend and colleague to Mr. Woods for over 40 years and shares the same business philosophy. Woods Lonergan PLLC’s collective experience and expertise enables the firm to expeditiously and effectively analyze the increasing challenges clients face in an evolving business and legal world, in many instances, avoiding unnecessary time and expense to our clients. Our mission is simple: provide cutting-edge expertise and sound advice in select areas of the law for corporate and business clients. We thrive on providing each client with personalized attention, forceful representation, and a collaborative team effort that embraces collective knowledge.

Business News

San Francisco Trademark Lawyer Our Firm has established a reputation for enforcing and protecting trademarks in the market place. >> read
San Francisco Corporate Law Lawyer The Firm’s Business and Corporate Practice provides service and expertise for a variety of businesses. >> read