| Page 2 of 2 < |
Customer Data Breach Began in 2005, TJX Says
TJX's retail chains include clothing discounters T.J. Maxx and Marshalls. It operates more than 2,400 stores.
(By Elise Amendola -- Associated Press)
TOOLBOX
   Resize
COMMENT
 Discussion Policy
 CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.
Who's Blogging  |
One of the biggest breaches occurred in 2005, when 40 million credit card numbers, along with name and account information, were exposed by hackers who broke into CardSystems Solutions, a credit card processing center that handled transfers of payments between the banks that issue credit cards and the merchants' banks.
Retailers often keep more data than necessary to process transactions, Litan said. They also keep information longer than necessary, she said.
"The CEOs and senior managers of most retailers that are storing data, like TJX, have no idea they're storing that data," Litan said. "It's basically a legacy of old systems programming." Many retailer systems were built in the 1970s and '80s, before there were hackers.
Many banks are frustrated because they are "left having to pay for the mistakes of retailers," to cover reissuing cards and any losses due to fraud, said Nessa Feddis, senior federal counsel for the American Bankers Association.
"Retailers are not protecting the data," she said. "It's not a question of notification. It's a responsibility to protect the data."
The bankers typically do not know the scope of retailer breaches because of confidentiality agreements between the retailers and the issuing card companies, such as Visa and MasterCard.
In Massachusetts, where TJX is headquartered, the Massachusetts Bankers Association stopped surveying its members in connection with the TJX breach after more than 30 banks were alerted by Visa and Master Card that their cards had been compromised by the TJX intrusion, association spokesman Bruce Spitzer said.
TJX operates more than 2,400 stores in the United States, Canada and Europe. They accept Visa, MasterCard, American Express and Discover credit cards.
The company reported yesterday that same-store sales in the fourth quarter rose 5 percent from the comparable quarter a year earlier. The quarter ended Jan. 27, 10 days after the breach was disclosed.
TJX, which is being sued by customers and banks, also reported that it spent $5 million in the fourth quarter to cover costs of the investigation, enhance computer security and communicate with customers.
Fourth-quarter profit fell 29 percent, to $205.5 million. Sales rose 9 percent, to $5.1 billion. For the full fiscal year, TJX profit rose 7 percent, to $738 million. Sales rose 9 percent, to $17.4 billion.
