Date: 18 January 2007
Incident Type: Security Breach
WASC Threat Classification: Unknown

A massive security breach, estimated to be the largest in history, has been discovered at TJX companies, a major US retail chain operating chains such as such as Bob's Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright. The extent of the breach is still unclear but the hack may have started as early as July 2005 and information stolen is from as early as 2003 and up until the discovery at December 2006. Apart from credit card and debit card numbers driver license numbers were also stolen.

As of today a single arrest was done in this case in Florida, in which 5 people were arrested for using the stolen information to steal $8 million. The arrested people are believed to have bought the information and are probably not the hackers.

Information regarding the method used to hack TJX computers is still not available.

References:

• TK Maxx customers hit by hacking scare [Zdnet]
• Massive Security Breach Reveals Credit Card Data [CSO Online]
• Update: Retail breach may have exposed card data in four countries [Computer World]
• TJX Frequently Asked Questions about the incident [TJX]
• Banks Report Fraud Related to TJX Hacker [Associated Press]
• Stolen TJX Data Used in $8M Scheme Before Breach Discovery [eWeek]
• TJX: Data Theft Began in 2005; Data Taken from 2003 [eWeek]
• TJX data breach: At 45.6M card numbers, it's the biggest ever [Computer World]