TJX breach occurred seven months before it was detected
Intrusion happened in mid-May but wasn't discovered until December
Computerworld - The data breach at TJX Cos. that exposed sensitive credit and debit card data on an unknown number of customers occurred nearly seven months before it was detected, a company spokeswoman said today.
The breach occurred as far back as mid-May 2006 but was discovered only in mid-December, said company spokeswoman Debra McConnell. The original statement from Framingham, Mass.-based TJX announcing the data compromise last week mentioned only the discovery of the breach in December and made no reference to when the breach actually happened.
McConnell said the decision not to mention when the breach happened did not represent an "inconsistency" in the company's public reporting of the incident. "We had said in our press release that we had discovered the breach in mid-December but we did not put in when it occurred," she said.
McConnell did not provide details on the scope of the breach but reiterated the company's earlier statement that credit and debit card information belonging to "a limited number" of individuals had been stolen from the compromised system. "And by 'limited' we mean substantially less than millions," she said.
Meanwhile, a Canadian law firm, the Merchant Law Group, filed a class-action lawsuit against Winners and HomeSense, two TJX-owned retailers in Canada whose customers were affected by the breach.
The lawsuit was filed in courts in six Canadian provinces and seeks "financial recovery on behalf of all individuals for whom personal information has been revealed," a statement posted on the company's Web site said.
"There's a variety of issues, from the negligence of these companies to protect credit-card information to issues of violations of privacy legislation and other legislation that protect personal information in Canada," said Evatt Merchant a partner at the law firm.
"In terms of corrective action, there would have to be safeguards to make sure this didn't happen again, and damages have to be assessed on a classwide basis, though obviously that is something that is a bit downstream," right now, he said. He added that public response to the lawsuits has been "significant."
McConnell said TJX had no comment on the lawsuit.
TJX said last Wednesday that an "unauthorized intruder" had gained access to its system and may have stolen credit and debit card data belonging to an unspecified number of customers in the U.S., Canada and Puerto Rico, and possibly in the U.K. and Ireland.
The retailer, which owns discount retail chains including TJ Maxx, Marshalls and Bob's Stores, didn't disclose the number of shoppers that may have been affected by the breach, saying that the full extent of the data theft "is not yet known."
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!