
TJX Breach Was Twice as Bad as First Reported

The largest digital data theft ever recorded was bigger than originally thought. TJX, the Massachusetts retail giant that earlier this year disclosed that a series of network and computer intrusions had compromised more than 45 million credit- and debit-card numbers, may have lost more than twice that number, according to reports.

A group of banks suing TJX over the compromises now claim that more than 94 million accounts were affected in the break-ins, according to The Boston Globe. The thefts included about 65 million Visa account numbers and roughly 29 million MasterCard credentials.

TJX believes intruders stole the data via insecure wireless networks at two Marshalls stores in Miami. That's a pretty expensive security "oops." From the Globe story:

"Several analysts have estimated that the total costs to TJX could ultimately run as high as $1 billion, including legal settlements and lost sales." To date, though, it doesn't appear as though consumers are holding it against the company. The Globe notes that sales figures reported by TJX suggest that shoppers at TJX stores such as TJ Maxx and Marshalls have not been put off by the breach.

Read the Globe's full story here.

By Brian Krebs  |  October 24, 2007; 11:37 AM ET
Categories:  Fraud  


I have to admit that I'm surprised that TJX didn't "get bad news out" faster. Their initial reporting was sparse, which is bad PR for a trust-related issue. To then learn the impact was larger through the media via the courts is a giant thumb in the eye of consumers. If you've already taken a PR hit, one would expect you would want to control subsequent messages.

Posted by: George Bounacos | October 24, 2007 11:56 AM

This article proves that the biggest personal/financial compromise was due to a lack in wireless security. When all metro areas provide hotspots to the public, just think of the increased compromises.

Posted by: SecAnalyst | October 24, 2007 9:26 PM

This does not surprise me at all. Companies are not in business to maximize how badly one of their mistakes might have REALLY hurt their customers.

It is surely an understatement that no one EVER says something did not cost enough to make them happy and the flip side is if they get something 'for a real steal,' the question then asked is 'what's wrong with the product?'

Spam is doubling every 6 months, few computer users care very much about REAL computer security and there aren't enough hours in the day to do everything that we would either like to do, or need to do.

I'm curious -- how many of your readers have had enough issues with either Norton or McAfee that they have finally switched to Kaspersky?

How many of your readers use at least 2 anti-spyware products, like Spyware Doctor & Lavasoft [Paid] Ad-Aware/Ad-Watch.

How many of your readers routinely 'broadcast' their REAL IP address in searching the web, or use a commercial product like Anonymizer [rather than free 'Russian mob' sites?]

Posted by: | October 24, 2007 10:37 PM

Unsecured wireless network.. more than 94 million accounts affected.
Kind of makes you want to beat your head against a wall doesn't it?

Posted by: R. Morris | October 26, 2007 11:46 AM

I read your stuff regularly - it's very good if not the best. The Post has to be #1 in online newspapers.

Posted by: Dan O. Martin | October 26, 2007 1:04 PM

We continue to emphasize how important information security is to your home/business or government environment. It's important to remember that system hardening, firewalls, virus updates and patching are part of the installation and operational cost of doing business with computers. I continue to tell my clients that they always need to remember that when they get Internet access that not only are THEY connecting to the Internet...but the Internet is now connected to THEM. The cheapest defense of a country (or network) is education.


Posted by: ~Ben | October 26, 2007 2:57 PM

One should "lose" their credit card every six months and get it replaced. ;)

Posted by: George | October 27, 2007 11:38 AM


© 2010 The Washington Post Company