TK Maxx loses payment details
Customers are urged to check statements for fraudulent use of account data following attack
Retailer TK Maxx has warned UK customers that their credit and debit card details may have been stolen in a hacking attack on the computer systems of its parent company TJX.
TJX says the attack occurred in December, but, on the advice of investigative authorities, only alerted customers last week.
The intrusion hit systems that manage customer transactions such as credit card, debit card and refunded transactions. TJX has identified some information that has been stolen, but the full extent of the theft is unknown.
Chairman Ben Cammarata says information on transactions made between May and December last year may have been accessed and is advising customers to review bank and credit card statements carefully.
‘Since discovering this crime we have been working to protect customers and strengthen the security of our systems,’ he said.
TJX is working with General Dynamics and IBM to boost security and says a containment plan will prevent further intrusions.
David Roberts, chief executive of The Corporate IT Forum, says it appears the retailer may have underinvested in systems to protect information.
‘I do not know of any other retailer that has suffered a similar attack in recent years. It will require a major revision to ensure its systems are foolproof,’ he said.
Roberts says ecrime is a growing threat, and any firm that stores credit and debit card information is a target and faces severe damage to their reputation.
Just last week, Sweden’s largest bank Nordea suffered the biggest internet fraud in history. More than eight million kronor (£600,000) disappeared in three months as a result of tailor-made Trojans, affecting 250 customers.
Gartner security analyst Jay Heiser says informing customers immediately of breaches would not necessarily help as many individuals do not know what to do when notified that their information has been lost. ‘But if firms were forced to disclose information about breaches sooner there would be an incentive to improve security,’ he said.
What do you think? Email us at [email protected]
Further reading