TJX breach occurred seven months before it was detected
Intrusion happened in mid-May but wasn't discovered until December
Computerworld - The data breach at TJX Cos. that exposed sensitive credit and debit card data on an unknown number of customers occurred nearly seven months before it was detected, a company spokeswoman said today.
The breach occurred as far back as mid-May 2006 but was discovered only in mid-December, said company spokeswoman Debra McConnell. The original statement from Framingham, Mass.-based TJX announcing the data compromise last week mentioned only the discovery of the breach in December and made no reference to when the breach actually happened.
McConnell said the decision not to mention when the breach happened did not represent an "inconsistency" in the company's public reporting of the incident. "We had said in our press release that we had discovered the breach in mid-December but we did not put in when it occurred," she said.
McConnell did not provide details on the scope of the breach but reiterated the company's earlier statement that credit and debit card information belonging to "a limited number" of individuals had been stolen from the compromised system. "And by 'limited' we mean substantially less than millions," she said.
Meanwhile, a Canadian law firm, the Merchant Law Group, filed a class-action lawsuit against Winners and HomeSense, two TJX-owned retailers in Canada whose customers were affected by the breach.
The lawsuit was filed in courts in six Canadian provinces and seeks "financial recovery on behalf of all individuals for whom personal information has been revealed," a statement posted on the company's Web site said.
"There's a variety of issues, from the negligence of these companies to protect credit-card information to issues of violations of privacy legislation and other legislation that protect personal information in Canada," said Evatt Merchant a partner at the law firm.
"In terms of corrective action, there would have to be safeguards to make sure this didn't happen again, and damages have to be assessed on a classwide basis, though obviously that is something that is a bit downstream," right now, he said. He added that public response to the lawsuits has been "significant."
McConnell said TJX had no comment on the lawsuit.
TJX said last Wednesday that an "unauthorized intruder" had gained access to its system and may have stolen credit and debit card data belonging to an unspecified number of customers in the U.S., Canada and Puerto Rico, and possibly in the U.K. and Ireland.
The retailer, which owns discount retail chains including TJ Maxx, Marshalls and Bob's Stores, didn't disclose the number of shoppers that may have been affected by the breach, saying that the full extent of the data theft "is not yet known."
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!