Theft of 45.6M card numbers largest heist yet

TJX data breach is called the biggest ever

After more than two months of refusing to reveal the size and scope of the high-profile intrusion into its systems, The TJX Companies finally disclosed details about the extent of the compromise.

In filings with the US Securities and Exchange Commission, the company said 45.6 million credit and debit card numbers were stolen from two of its systems over a period of more than 18 months by an unknown number of intruders.

That total eclipses the 40 million records compromised in the mid-2005 breach at the former CardSystems Solutions, and makes the TJX incident the worst publicly disclosed compromise involving the loss of personal card data.

Personal data provided in connection with the return of merchandise without receipts by about 451,000 people in 2003 was also stolen, the filing said.

Gartner analyst, Avivah Litan, expressed surprise at the scope of the breach. "I had heard rumours that it was bigger than CardSystems, but I was still somewhat shocked it was actually this big," he said.

"It proves there are very sophisticated cyber-criminals out there who have the potential to wreak havoc on pure-payment systems. If this isn't a wake-up call for stronger card and payment system security, I'm not sure what is."

In its filing, TJX said it was in the process of contacting individuals affected by the breach.

"Given the scale and geographic scope of our business and computer systems and the time frames involved in the computer intrusion, our investigation has required a substantial period of time to date and is not completed," the company said.

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: Gartner, Securities and Exchange Commission
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers

4 things to do now to get ready for the Internet of Things

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia