TK Maxx confirms theft of millions of credit card details

World's largest theft went undetected for 16 months

Retailer is victim of fraud

Retailer TK Maxx says hackers stole credit and debit card details belonging to over 45 million customers in an attack on the computer systems of its parent company TJX.

Transaction details from January 2003 to June 2004 were accessed, but the full extent of the theft is unknown, Computing revealed earlier this year (January 2007).

TJX has admitted that data was accessed from its systems in Watford, Hertfordshire and Massachusetts over a 16-month period from July 2005 to December 2006.

The company confirmed information had been stolen from 45.6 million cards used in the UK and US between January and November 2003. However it does not know how many details have been stolen from November 2003 to June 2004.

It is the world’s largest theft of credit card details and was undetected until December last year. Two files were also stolen and TJX may never know what was in those files.

Some customers of TK Maxx’s 210 shops have reported that their credit card details have already been used to make fraudulent transactions.

TJX is working with General Dynamics and IBM to investigate the breach and boost security, says chief executive Carol Meyrowitz.

‘Given the nature of the breach, the size and international scope of our operations and the complexity of the way credit card transactions are processed, the evaluation is, by necessity, taking time,’ she said.

‘With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers should feel safe shopping in our stores.’

But it is urging customers to monitor their credit and debit card statements and for suspicious transactions.

David Roberts, chief executive of The Corporate IT Forum, said at the time the attack was first revealed that TK Maxx may have underinvested in systems to protect information.

‘I do not know of any other retailer that has suffered a similar attack in recent years. It will require a major revision to ensure its systems are foolproof,’ he said.

Roberts says e-crime is a growing threat, and any theft of credit and debit card information could pose damage a retailer’s reputation.