(Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın) - TJX Companies confirmed in its latest filings with the Securities and Exchange Commission that the Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın resulted in the loss of 45.7 million consumer records making it the largest such breach on record.
According to TJX's annual report filed with the SEC on March 28 the retail chain had some 45.6 million credit card and debit card records stolen from its payment processing and data storage systems over an 18 month period between 2005 and 2006. An additional 451000 records regarding customer returns made during 2003 were also lifted from its systems the Framingham Mass.-based company said.
The largest single loss of consumer data reported previously had been Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın of just over 40 million records in 2005.
In the report TJX specifically blames the incident on an unconfirmed number of external intruders who broke into its systems therein refuting theories that the breach may have been the result of an inside operation.
Additionally even after the exhaustive investigation that TJX has employed since first discovering the attack on Dec. 18 2006 -- including the hiring of computer forensics specialists from IBM and General Dynamics -- the firm admits it may never know the aaaa scope of the data loss.
"Given the scale and geographic scope of our business and computer systems and the time frames involved in the computer intrusion our investigation has required a substantial period of time to date and is not completed" the company said in its 10-K filing with the SEC. "We are continuing to try to identify information stolen in the computer intrusion through our investigation but other than the information provided we believe that we may never be able to identify much of the information believed stolen."
Based on its subsequent investigation TJX reported that the data theft specifically affected systems at its Massachusetts headquarters that were used to store data related to payment card check and return transactions at its A.J Wright HomeGoods Marshalls and T.J. Maxx stores in the U.S. and Puerto Rico as well as its HomeSense and Winners chains in Canada and T.K. Maxx stores in the U.K.
In addition to the Framingham attack the company said its computer systems in Watford U.K. that process payment card transactions at T.K. Maxx in the United Kingdom and Ireland had been attacked.
The report marks the first time TJX has confirmed the date when it first became aware of the attack which it first reported publicly nearly one month later on Jan. 17. However the company said it began working with IT security consultants and law enforcement officials within days of learning of the event.
According to the SEC report the company's systems were first attacked by outsiders during July 2005 and then repeatedly targeted until Dec. 2006 when TJX officials said they first became aware of the breach.
Once investigators were called in at that time they determined the intruders were still present on the company's computing systems and began monitoring the attack which finally concluded in January 2007.
One of the incidents that may have led to the firm's discovery of the breach was reports sent to TJX in November 2006 by law enforcement officials in Florida who had uncovered a Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın to carry out fraudulent transactions. Six people have been jailed in connection to those crimes and another four people currently are wanted by the Florida Department of Law Enforcement.
The company offered a number of new details about the types of data that were stolen via the intrusions.
TJX claims that one of the problems it has encountered during its investigation is that the information that thieves were lifting from its payment processing systems was also being routinely deleted by the company as part of its storage security practices.
"We have been able to identify only some of the information that we believe was stolen; prior to discovery of the computer intrusion we deleted in the ordinary course of business the :-):-):-):-):-):-):-)s of many files that we now believe were stolen" the company said. :-):-)"In addition the technology used by the intruder has to date made it impossible for us to determine the :-):-):-):-):-):-):-)s of most of the files we believe were stolen in 2006."
The firm reported that customer's credit and debit card personal identification numbers (PINs) were likely not compromised because that information was encrypted at the point-of-sale before being stored on the Framingham systems and was not retained in the Watford systems. Customers' names and addresses were not stored on the Framingham system in connection with payment card or check transactions the firm said.
Debit card information used by customers in the Canada stores was also not compromised according to the report.
The firm said it stopped the practice of storing so-called Track 2 data taken from the magnetic stripes on payment cards after Sept. 2003 and that it had implemented masking tools to obscure PIN information and other payment card and check information in early 2006.
In its 10-K filing TJX reported it has already spent roughly $5 million on recovery efforts related to the attack and indicated it may continue to pay for the incident in particular through lawsuits. On March 21 one of the company's shareholders the Arkansas Carpenters Pension Fund announced a suit against :-):-)TJX for failing to provide more details about the intrusion.


Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın