by CIO Staff

TJX Breach Worse Than First Reported

Feb 22, 2007

According to The Boston Globe today, TJX Companies has stated that a data breach it revealed last month may have occurred a year earlier than investigators initially thought. The company operates the retail outlets T.J. Maxx, Marshalls and HomeGoods (2,500 stores in the United States), so the earlier date of the hacking may mean millions more customers were exposed. The company declined to give numbers, however.

TJX discovered the breach in December 2006, and it made news on Jan. 18, 2007. At that time the company reported that hackers may have made off with credit and debit information from transactions in the United States, Canada and Puerto Rico from some months in 2003 as well as transactions between May and December 2006.

Yesterday, according to the Globe, TJX said a systems review revealed that intrusions had occurred as early as July 2005, not May 2006.

This trickle of data breaches spread over time led some experts to judge the corporation’s computer systems outdated, weak and not up to card-company security standards.

The TJX website has the words “Important Customer Alert” prominently displayed on its homepage. Clicking on it brings up a Feb. 21 letter from Carol Meyrowitz, president and CEO of TJX, which apologizes for the inconveniences, assures consumers that the company is investigating the breach and states that, “With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers should feel safe shopping in our stores.” TJX Chairman Ben Cammarata had released a similar, if less contrite, letter on Jan. 29. (For a reaction, see David Rosenbaum’s blog.)

TJX stock fell only 2 percent yesterday after the company’s latest. As the Globe says, “A test for TJX now is whether shoppers will be turned off by the lack of details about the security breach, or simply dismiss the matter as an unavoidable shopping risk.” Many businesses will be watching the results of that test.

—Sandy Kendall
