Security news
Security news30 March 2007
TJ Maxx retail giant admits hackers stole 45 million credit card details Largest credit card heist in history steals information from high street shoppers
Sophos, a world leader in IT security and control, has reminded consumers of the importance of checking their credit card statements after it was revealed that retail giant TJX has had details of at least 45.6 million credit cards stolen from it by hackers.
TJX, the parent company of TJ Maxx, TK Maxx, Marshalls, HomeGoods, AJ Wright, Winners, and HomeSense, discovered suspicious software on its computer systems in late December 2006. In the following days the retail giant determined that files carrying credit card, debit card, check and unreceipted merchandise return transactions had been accessed illegally since July 2005.
TJX has published information on its website for customers who may be affected by the loss of credit card data.
"Many consumers are nervous about using their credit cards online, but in this case - probably the biggest heist of credit cards in history - the information stolen was from shoppers who had walked into a high street store, and bought their clothing face-to-face using plastic," said Graham Cluley, senior technology consultant for Sophos. "Big businesses must defend their systems from these kind of intrusions or risk undermining customer confidence. Consumers meanwhile need to keep a close eye on their credit card accounts and raise a flag if there are unexpected debits which could be the work of fraudsters."
A statement on TJX's website acknowledged that precise details of what had occurred remained sketchy:
-
"We do not know who the intruder was, or if there were one or more
intruders... Due to the type of technology used in the intrusion as well as deletions of transaction data in the ordinary course, we can't now, and believe
that we may never be able to, identify much of the information believed
stolen."
The fact that TJX has not managed to identify customers who may be affected by the security breach has raised concern amongst some shoppers.
"It's understandable that people should be concerned that their credit cards may have fallen into the hands of hackers through no fault of their own. Members of the public who identify unauthorized or suspicous card use should contact their bank immediately," advised Cluley.
- Information about the security breach from TJX
- TJX FAQ for customers, including advice on what to do if you believe you may be affected
In 2005, a payment-processing center in Atlanta became the target of a successful hacking attack when an estimated 40 million credit card details were stolen.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
