More Details Released on Computer Data Theft at TJMaxx and Marshalls Stores

Since posting the message about thieves who accessed customer data on computers storing Marshalls and TJMaxx customer data, I have learned more about what happened and the company’s response. According to a company press release concerning the data theft,

• Portions of the information stored in the affected part of TJX’s network regarding credit and debit card sales transactions in TJX’s stores (excluding Bob’s Stores) in the U.S., Canada, and Puerto Rico during 2003, as well as such information for these stores for the period from mid-May through December, 2006 may have been accessed in the intrusion. TJX has provided the credit card companies and issuing banks with information on these and other transactions.

• To date, TJX has been able to specifically identify a limited number of credit card and debit card holders whose information was removed from its system and is providing this information to the credit card companies. In addition, TJX has been able to specifically identify a relatively small number of customer names with related drivers’ license numbers that were also removed from its system, and TJX is contacting these individuals directly.

• TJX is continuing its investigation seeking to determine whether additional customer information may have been compromised. TJX does not know if it will be able to identify additional information of specific customers that may have been taken.

The company press release answers some questions about what steps the company is taking to determine the extent of what happened. However, as indicated previously, the proof is in the details about whether the company will truly help consumers whose only mistake was to walk into Marshalls or TJMaxx and buy something assuming that credit card details and other personal information would be protected.