Major US clothing retailer hacked potentially affecting millions

Powered by SC Magazine
 

A major clothing retailer announced Wednesday that hackers accessed its network and stole an unknown amount of credit card information.

TJX Companies, a discount apparel and home fashions department store chain that includes T.J. Maxx and Marshalls stores, said in a statement that the extent of the breach remains unknown, although thieves may have been silently pilfering private data for up to three years before their actions were detected in December.

Potentially millions of customers may be impacted, experts said.

"It's yet another example of how attackers have gone pro and really focused on the data," Ted Julian, vice president of marketing and strategy at New York-based data security firm AppSecInc, told SCMagazine.com today.

The breach affects credit card, debit card, check and merchandise return transactions for customers of T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright stores in the United States and Puerto Rico and Winners and HomeSense stores in Canada.

The incident also may affect customers of Bob's Stores in the United States and T.K. Maxx in the United Kingdom and Ireland.
The company, which has 2,500 storefronts, would not say exactly how many customers are possibly affected.

Ben Cammarata, chairman and acting CEO of TJX, suggested in the statement that customers should monitor their credit card records for unauthorised transactions.

"We are deeply concerned about this event and the difficulties it may cause our customers," he said. "We want to assure our customers that this issue has the highest priority at TJX."

Visa is contacting affected financial institutions to inform them that the cards they issued are involved in the breach, Rosetta Jones, vice president of Visa USA, said today in a statement. She added that all major credit cards accepted by TJX were impacted by the incident.

"Visa is risk scoring all transactions in real-time, helping card issuers better distinguish fraudulent transactions from legitimate ones," Jones said.

Visa has already contacted about 10 banks in Massachusetts, Bruce Spitzer, a spokesman for the Massachusetts Banking Association, told SCMagazine.com today. That number is expected to rise significantly today as the association, which represents 205 banks in the state, surveys its members, Spitzer said.

He said the incident concerns his organization because banks likely will be left absorbing the costs of fraudulent activity and re-issuing credit cards.

"If a retailer has a data breach because they're sloppy, why does the bank have to absorb all the costs?" Spitzer said. "It could potentially be a very big hit."

TJX has hired several network security providers to determine what personal information was compromised and to implement new safeguards, according to the statement.

"With the help of leading computer security experts, TJX has significantly strengthened the security of its computer systems," the statement said, providing no specific details.

"While no computer security can completely guarantee the safety of data, these experts have confirmed that the containment plan adopted by TJX is appropriate to prevent future intrusions and to protect the safety of credit card, debit card and other customer transactions in its stores."

Julian would not speculate on what security measures may have been lacking, but he said encryption and activity monitoring solutions could help safeguard companies in this era of silent, targeted attacks.

"People are after your data," he said. "They're much more resourceful. They're much more devious in how they go about it, and the stakes are getting even higher."

TJX is working with law enforcement authorities and credit card providers in an investigation.

Julian said it will be interesting to learn whether TJX was in full compliance with the Payment Card Industry (PCI) standard, which consists of 12 guidelines to protect customer information.

The fact that TJX reported the breach suggests the data was not encrypted; encryption is one of the requirements of PCI.

"It's essential for all businesses that handle payment card information to adhere to the highest data protection standards for the security and privacy of their customers' financial information," Jones said.

Reported by Dan Kaplan.


 
 
 