Credit card heist hits 45 million users

By on
Credit card heist hits 45 million users

UK customers of TK Maxx told to check credit and debit card statements.

A security breach on the computer systems at is now thought to have led to the theft of 45.7 million credit and debit card records. 

The data theft took place over an 18-month period, beginning in July 2005.

"We have been able to specifically identify that a portion of the data believed stolen included account information for approximately 45.7 million separate payment cards," said an official statement from, the American parent of TK Maxx. 

TJX said that 75 per cent of the cards were expired at the time of the theft, or the stolen information did not include the security code data from the magnetic strip on the payment card.

However, that still leaves 11.42 million stolen financial records that are currently active. TJX has warned UK customers to check their credit card statements.

"Today's full declaration by TJX is a graphic example of how a breach in information security can impact a business and its customers," said Greg Day, security analyst at McAfee. 

"The announcement is just the tip of the iceberg, however, as organisations across the globe continue to evaluate and look to implement security policy to protect against external and internal threat."

Jamie Cowper, data security expert at PGP Corporation, added: "This is a frightening illustration that when retailer's systems are hacked, even if it occurs on the other side of the world, the card details of customers in every country are at risk because of the way companies share and store information globally." 

Cowper explained that the upcoming Payment Card Industry Data Security Standard (PDF) in June 2007 would force retailers such as TJX to safeguard customer card information or face losing its credit card facilities altogether.

"Security technologies such as encryption can greatly simplify the process of protecting information," said Cowper.

"But the recent spate of data breaches suggests that many companies are still a long way off being compliant with this and other data protection standards."

Mike Smart, European product manager at Secure Computing, added: "We find that 80 per cent of confidential data is typically undetectable by 90 per cent of firewalls and as a result sensitive data can leak from the organisation without their knowledge. 

"With the rise of real-time unencrypted communications, such as instant messaging and web mail, hacking into a corporate network and extracting data unnoticed is easy."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
45 card credit heist hits million security users

Sponsored Whitepapers

Is the technology refresh dead?
Is the technology refresh dead?
DevSecOps: A framework for digital innovation
DevSecOps: A framework for digital innovation
Encryption: Protect your most critical data
Encryption: Protect your most critical data
Overcoming data security challenges in a hybrid, multicloud world
Overcoming data security challenges in a hybrid, multicloud world
Move beyond passwords
Move beyond passwords

Events

Most Read Articles

Vodafone hit by nationwide 4G outage

Vodafone hit by nationwide 4G outage
Virgin Australia rebuilds its IT leadership team

Virgin Australia rebuilds its IT leadership team
NAB's chief data officer Glenda Crisp leaves bank

NAB's chief data officer Glenda Crisp leaves bank
Westpac to offer smartphone-based identity verification group-wide

Westpac to offer smartphone-based identity verification group-wide
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?