Hack attack at TK Maxx

22 Jan 2007

Irish customers of the TK Maxx chain of stores have been warned that their credit card details may have been compromised following a hacking attack on the retailer’s parent company in the US.

The TJX Companies released a statement last week revealing it had discovered an “unauthorised intrusion” into its systems in mid-December. The computer systems that were breached are used to process and store customer transactions, the company said.

As yet, the company said it doesn’t know the full extent of the theft and which customers have been affected. It confirmed that it has identified some customer information that was stolen from its systems and this “may involve customers of its TK Maxx stores in the UK and Ireland”.

TJX said that investigations so far have revealed that an unauthorised intruder accessed the computer systems that process and store information related to customer transactions during 2003 and from mid-May to December last year for stores in the US, Puerto Rico and Canada.

In a statement, the company said it was “concerned that the intrusion may extend to the computer systems that process and store information related to customer transactions for TK Maxx in the UK and Ireland”. So far, the investigation has not been able to confirm whether this further intrusion actually took place.

So far, TJX said its investigations have thrown up a limited number of credit card and debit card holders whose information was removed from its system. It is providing this information to the credit card companies.

Ben Cammarata, chairman and acting CEO of The TJX Companies, said the firm has worked on strengthening its security systems since discovering the breach. “Our first concern is the potential impact of this crime on our customers, and we strongly recommend that they carefully review their credit card and debit card statements and other account information for unauthorised use,” he added.

Brian Honan, managing director of the security firm BH Consulting, pointed out that there are industry standards which require companies handling credit and debit cards to implement levels of security according to the volume of transactions they process. “If companies are genuinely concerned about protecting the confidential information entrusted to them by their customers then they should really be encrypting that data,” he told siliconrepublic.com.

Anyone who has used their credit or debit cards in a TK Maxx store and thinks they might have been affected by the hack can call 0800 77 90 15 for more information.

By Gordon Smith