TJX Suffers Hack Attack

by MR Magazine Staff

NEW YORK – The nation’s largest off-price retailer has gotten some unwelcome first-hand experience with identity theft.

The TJX Companies is working with law enforcement officials, computer security experts and credit providers to get to the bottom of “unauthorized intrusions” into information in its computers covering transactions in 2003 and 2006.

TJX said it discovered the breach last month and immediately notified the U.S. Department of Justice, U.S. Secret Service and Royal Canadian Mounted Police but, at the request of law enforcement, kept the information confidential until Wednesday.

TJX didn’t say how many of its customers or transactions may have been compromised. However, it said it had ascertained that records from its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico and its Winners and HomeSense stores in Canada had been hacked. It is possible that information about T.K. Maxx in the U.K. and Ireland may also have been illegally accessed, and that, during the 2006 intrusions, data about Bob’s Stores transactions may have been obtained. TJX acquired Bob’s in late 2003.

Ben Cammarata, chairman and acting chief executive officer of TJX, said, “Since discovering this crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems, and we believe customers should feel safe shopping in our stores. Our first concern is the potential impact of this crime on our customers, and we strongly recommend that they carefully review their credit card and debit card statements and other account information for unauthorized use.”

Since contacting law enforcement officials, TJX has engaged General Dynamics Corp. and IBM Corp. to monitor and evaluate the breach and upgrade security systems. Major credit card companies have been contacted and provided with all available information. When TJX has been able to ascertain specific transactions and customers affected, this information has been given to its customers. The company has established toll-free numbers in the U.S., Canada and the U.K. for customers seeking additional information.

TJX hasn’t yet been able to estimate the financial consequences of the breach but expects to do so when it releases its January 2007 sales next month.