45.7 million people hit in largest credit card hack

30 Mar 2007

In what has been described as the biggest ever credit card security breach in history, hackers have broken into the computer systems of the US parent of TK Maxx and have stolen information on at least 45.7 million credit and debit card holders.

TJX said that the hackers were able to access its systems almost at will and that it may never know the full extent of how much information has been stolen.

Customers who shopped at the company’s TK Maxx stores in the Ireland, the UK, Canada and Puerto Rico were all targeted and the hackers were able to witness unencrypted credit card data as payments were processed between store tills and the banking networks.

In hundreds of thousands of cases in the US stores the hackers were able to get access to customers addresses and other personal information that could allow them to commit identity theft. Some of the data seized is believed to have included details such as driver’s licence numbers.

Already it has been alleged that the thieves embarked on a €6m (US$8m) spending spree in Florida. Six people were arrested earlier this month and warrants have been issued for four others.

TJX admitted a security breach in April but it is only now that it has revealed the full extent of the hack attack.

TJX says that some 45.6 million card details were seized by the sophisticated hackers in 2006 and a further 132,000 taken this year.

The data was accessed on TJX’s systems in the UK and in Massachusetts over a 16-month period and the data accessed covered credit and debit card transactions dating as far back as December 2002.

While most of the data stolen may no longer be valid, the case is a tragic reminder of the responsibility placed on retailers and e-tailors about protecting private data of customers in the face of increasingly sophisticated hacking and scamming methods.

By John Kennedy