Published in News
TJX data breach much broader than thought
by David Stellmack on25 October 2007
Nearly double the number of accounts
The staggering computer data breach at The TJX Companies, Inc. may be worse than previously expected: new documents filed as part of court filings indicate that at least 94 million Visa and MasterCard accounts processed by TJX may have been compromised.
This number is nearly twice the previous estimate by the retailer, according to court files. The court filings cite Visa and MasterCard security officials as the source of the increase in the number of accounts affected by the security breach at TJX. The filings are part of a lawsuit filed by several banks and banking associations against TJX and also against Fifth Third Bancorp, the bank that handled TJX’s credit card transactions, to attempt to recover some of their breach-related losses.
Depositions taken in the case reportedly claim that fraud-related losses of credit card numbers range from $68 million to $83 million and will only increase as thieves continue to use the data from compromised cards. This latest estimate is far higher than TJX's original disclosure of 45.7 million accounts compromised, in what is generally acknowledged by security experts as the biggest data breach yet. TJX has apparently indicated that it stands by its original number of 45.7 million accounts.
TJX declined to comment on the court filings, but a spokeswoman claimed that the company is sticking with original figure, and that up to 75 percent of the compromised credit card accounts had either expired or the data was masked (appearing as asterisks instead of numbers) at the time of the security breach. There have been no arrests for the break-in into TJX's computer systems, although six people were convicted in Florida for being part of a ring that used stolen TJX customer data for purchases of gift cards and merchandise worth at least $1 million.
The TJX digital break-in is the largest among a series of breaches that have happened to other companies and potentially exposed their customers’ confidential data. Recently, a contractor for The Gap retail stores was blamed for losing laptops that contained confidential data of about 800,000 people who had applied for jobs at the company.
And an college IT intern working on implementation of the new $158 million Ohio Administration Knowledge Systems project (the State of Ohio’s new payroll and accounting system) that is being managed by outsourcing giant, Accenture LLP, was instructed to bring home with him every night a data tape containing all of the backup confidential information of more than 65,000 State of Ohio employees, 225,000 Ohio taxpayers, thousands of Ohio teachers, the social security numbers and addresses of all Ohio lottery winners as well as data on 85,000 welfare recipients. The intern claims that he was never given specific instructions on what to do with the data tape other than to bring it home; thus, he left it in his unlocked car one night and the data tape was stolen. This huge data breach has cost the State of Ohio almost $4 million so far and the tape has not been recovered.
Read more here.