Phoenix, Arizona


Email Staff Writer Staff Writer on LinkedIn Staff Writer on Twitter Staff Writer on Facebook
Staff Writer
Staff Writer
Contributor •

TJX Companies SEC Filing Details 47.5 Million Possible Identity Theft Victims

Comments Off

TXJ Companies has finally come clean with some more details about the number of possible identity theft victims as a result of its failure to abide by credit card processing standards. Discussing this data security breach, in a regulatory filing with the Securities Exchange Commission, the TXJ Companies indicated,

Discovery of Computer Intrusion. On December 18, 2006, we learned of suspicious software on our computer systems. We immediately initiated an investigation, and the next day, General Dynamics Corporation and International Business Machines Corporation, leading computer security and incident response firms, were engaged to assist in the investigation. They determined on December 21, 2006 that there was strong reason to believe that our computer systems had been intruded upon and that an Intruder remained on our computer systems. With the assistance of our investigation team, we immediately began to design and implement a plan to monitor and contain the ongoing Computer Intrusion, protect customer data and strengthen the security of our computer systems against the ongoing Computer Intrusion and possible future attacks.

On December 22, 2006, we notified law enforcement officials of the suspected Computer Intrusion and later that day met with representatives of the U.S. Department of Justice, U.S. Secret Service and U.S. Attorney, Boston Office to brief them. At that meeting, the U.S. Secret Service advised us that disclosure of the suspected Computer Intrusion might impede their criminal investigation and requested that we maintain the confidentiality of the suspected Computer Intrusion until law enforcement determined that disclosure would no longer compromise the investigation.

TJX Companies did not inform the Securities and Exchange Commission about the precise number of identity theft victims resulting from its failure to properly secure or purge data. According to the Associated Press, however, this number is staggering:

At least 45.7 million credit and debit card numbers of TJX Cos. (TJX) customers were stolen from the discount retailer’s computer system over several years, according to a regulatory filing by the company Wednesday.

Unfortunately, not only have credit and debit card numbers been stolen, but also criminals have been using the stolen data as evidenced by arrests just this past week of six people in Florida attempting to use stolen credit card numbers to buy goods totaling about $1 million dollars.

This recent SEC filing and TJX Company disclosure should serve as a reminder to consider placing fraud alerts or credit freezes on your credit record if you have ever shopped at TJMaxx or Marshalls stores in the past twenty-four months. I sincerely hope that companies use this case as a stark reminder to take internet security and credit-card processing protections and security standards seriously.