This article is from the source 'bbc' and was first published or seen on . It will not be checked again for changes.
You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/business/6508983.stm
The article has changed 11 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| TK Maxx owner hit by card breach | TK Maxx owner hit by card breach |
| (about 2 hours later) | |
| Hackers have stolen information from at least 45.7 million payment cards used by customers of US retailer TJX, which owns TJ Maxx, and UK outlet TKMaxx. | |
| In a statement to US watchdogs the firm said it did not know the full extent of the theft and its effect on customers. | In a statement to US watchdogs the firm said it did not know the full extent of the theft and its effect on customers. |
| TJX added that the security breach may also have involved TK Maxx customers in the UK and Ireland. | TJX added that the security breach may also have involved TK Maxx customers in the UK and Ireland. |
| But the company did add that at least three-quarters of the affected cards had expired or data had been masked. | But the company did add that at least three-quarters of the affected cards had expired or data had been masked. |
| The company also told the BBC that 100 files were moved from its UK computer system in 2003, and two files were later stolen. | The company also told the BBC that 100 files were moved from its UK computer system in 2003, and two files were later stolen. |
| Question marks | Question marks |
| However, a spokesperson admitted that the firm may never know what was in those files. | However, a spokesperson admitted that the firm may never know what was in those files. |
| "We don't know what was in those files - the technology the hacker used prevents TJX from knowing, and also the fact that TJX system routinely deletes files," the spokesperson added. | "We don't know what was in those files - the technology the hacker used prevents TJX from knowing, and also the fact that TJX system routinely deletes files," the spokesperson added. |
| The data was accessed on TJX's systems in Watford, Hertfordshire, and Massachusetts over a 16-month period from July 2005 and covers transactions made by credit and debit card dating as far back as December 2002. | |
| We are deeply concerned about this event and the difficulties it may cause our customers Ben Cammarata, TJX | We are deeply concerned about this event and the difficulties it may cause our customers Ben Cammarata, TJX |
| The company, which discovered the problem three months ago and reported it two months ago, said that a lot of questions remained about the attack. | The company, which discovered the problem three months ago and reported it two months ago, said that a lot of questions remained about the attack. |
| "There is a lot of information we don't know, and may never be able to know, which is why this investigation has been so laborious," spokeswoman Sherry Lang said. | "There is a lot of information we don't know, and may never be able to know, which is why this investigation has been so laborious," spokeswoman Sherry Lang said. |
| In its filing to the Securities and Exchange Commission (SEC) the group said it believed "the intruder had access to the decryption tool for the encryption software utilized by TJX". | In its filing to the Securities and Exchange Commission (SEC) the group said it believed "the intruder had access to the decryption tool for the encryption software utilized by TJX". |
| It also admitted it did not know who, or how many people, were behind the attack, or whether there had been one breach or many. | It also admitted it did not know who, or how many people, were behind the attack, or whether there had been one breach or many. |
| The papers also said that a further 455,000 customers who returned merchandise without receipts had personal data stolen - including driver's license numbers. | The papers also said that a further 455,000 customers who returned merchandise without receipts had personal data stolen - including driver's license numbers. |
| However, the firm does not believe return customers at its UK stores were affected - or that chip and pin data in the UK was accessed as none is stored on the systems in Watford. | However, the firm does not believe return customers at its UK stores were affected - or that chip and pin data in the UK was accessed as none is stored on the systems in Watford. |
| Many stores hit | Many stores hit |
| The company warned many of its operations could be affected. | The company warned many of its operations could be affected. |
| Hackers managed to access information from its TJ Maxx, Marshalls and HomeGoods shops in the US and Puerto Rico; Bob's Stores in the US; as well as Winners and HomeSense shops in Canada. | Hackers managed to access information from its TJ Maxx, Marshalls and HomeGoods shops in the US and Puerto Rico; Bob's Stores in the US; as well as Winners and HomeSense shops in Canada. |
| Ben Cammarata, TJX chairman and acting chief executive, urged customers to check their credit and debit cards statements and any other account information for unauthorised use. | Ben Cammarata, TJX chairman and acting chief executive, urged customers to check their credit and debit cards statements and any other account information for unauthorised use. |
| "We are deeply concerned about this event and the difficulties it may cause our customers," he added. | "We are deeply concerned about this event and the difficulties it may cause our customers," he added. |
| "Since discovering the crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems." | "Since discovering the crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems." |