Thanks For Nothing, TJ Maxx

Ken AshfordCrimeLeave a Comment

It’s hard to sort the techno-economic gobbledygook, but the bottom line is this: If you used your credit card at TJ Maxx or Marshall’s, changes are pretty good that hackers have your credit/debit card number:

At least 45.7 million credit and debit card numbers were stolen by hackers who accessed the computer systems at the TJX Cos. [parent company of TJ Maxx and Marshalls] at its headquarters in Framingham and in the United Kingdom over a period of several years, making it the biggest breach of personal data ever reported, according to security specialists.

While details are still sketchy, TJX said unauthorized software placed on its computer systems stole at least 100 files containing data on millions of accounts from systems that process and store transaction information in Framingham and Watford, United Kingdom. Moreover, TJX believes the hackers last year had the capability to steal payment card data from its Framingham system as transactions were being approved. Even the files TJX tried to protect through encryption may have been compromised because the company believes the hackers had access to the decryption tool.

"It’s the biggest card heist ever," said Avivah Litan of technology consulting firm Gartner Inc. " It’s done considerable damage."


TJX believes its systems were first accessed in July 2005 and on subsequent dates in 2005 and from mid-May 2006 to mid-January 2007. No customer data was stolen after Dec. 18, 2006.