Banks and credit card companies are rushing to notify their customers to keep an eye out for fraudulent activity on their accounts after several retailers discovered thefts of customer data from their computer systems.
TJX, the parent company of Marshalls, T.J. Maxx, and several other national chains, said hackers breached a system that handles credit card, debit card, and check transactions in the United States and Puerto Rico. The company also said there is a possibility the breach is as far-reaching as the United Kingdom and Ireland.
Although officials from the Framingham, Mass.-based retail firm would not say how many customers had their data stolen by the computer hackers, the company did confirm that the breach happened in May 2006 and involved credit card information dating back to 2003.
The break-in was kept quiet until Wednesday, according to the company, at the request of law-enforcement officials.
How Many Affected?
While TJX has specifically identified some customer information that has been stolen from its systems, "the full extent of the theft and affected customers is not yet known," the company said in its statement. However, the Wall Street Journal has reported that more than 40 million cards might have been compromised.
The stores affected all accepted major card brands, including Visa, MasterCard, American Express, and Discover.
Visa USA said in a statement that it has provided the affected accounts to the banks that issued its cards so they could take steps to protect their consumers. Bank of America and American Express also said they are monitoring accounts for unusual activity.
Visa and other credit card companies noted that consumers are not responsible for any fraudulent purchases.
As more and more personal data has been moved online, there has been an increased risk of losing personal information. In recent years, the list of companies reporting breaches reads like an industry "Who's Who."
Rob Ayoub, an industry manager of network security at research firm Frost & Sullivan, compared the ongoing assaults on personal data to the Wild West, where gunslingers raided banks with piles of gold in their vaults.
"These are the places where hackers can find the some of the biggest rewards," he said of the retail outlets.
Over the past few years, there have been numerous notable mishaps, including the disappearance of backup tapes containing the credit card information of 1.2 million federal workers by Bank of America, the theft of more than 300,000 customers' personal information at Reed Elsevier, a subsidiary of data broker LexisNexis, and the loss of transaction data belonging to around 180,000 customers of fashion house Polo Ralph Lauren.
It is not always big business in the crosshairs of hackers. A string of universities also have fallen prey in the past few years.
Ayoub noted that the seeming increase in incidents of data and identity theft is likely a combination of factors, including greater awareness of the issues and stiffer penalties for companies that do not readily disclose the breaches.