Economics: Technics: Mass ID theft from TJX conglomerate's customers from several of its brand chains in US, Puerto Rico, & Canada

With a Hat Tip to Mike Vizard's IT Security email newsletter, we're alerted to Matt Hines writing at eWeek details the story of a retail conglomerate subject to grand theft of customers' identities, "TJX Intrusion Highlights Pursuit of Corporate Data" (Jan18,2k7). This major mass ID theft resulted in the rapid transmission of customers' personal date to criminals who charged their acquisitions to the stolen credit card numbers in numerous places throught the world.

The potentially massive data theft reported by discount retail conglomerate TJX Companies illustrates the continued efforts of hackers to rob businesses of their most valuable information.

On Jan. 17, the company, based in Framingham, Mass. which operates a handful of North American and European retail chains including T.J. Maxx, Marshalls, HomeGoods and A.J. Wright, reported that a computer systems intrusion may have compromised the personal data of an undetermined number of customers.

TJX officials said that outsiders were specifically able to gain access to the portion of its computer network that retains its customers' credit card, debit card and check information, along with data related to merchandise return transactions.

The information involved was drawn from the company's T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the United States and Puerto Rico, along with its Winners and HomeSense stores in Canada.

TJX said the data theft may also affect customers of its T.J. Maxx stores in the United Kingdom and Ireland, as well as its Bob's Stores chain in the United States.

TJX operates an estimated 2,500 retail locations in total.

While the company did not reveal how many customers may be affected by the incident, TJX said that a majority of the data involved is related to individuals who shopped at its stores in the United States, Canada and Puerto Rico during 2003, and between May and December 2006.

World Economy > Cyber-crime

Company officials said that they have been able to isolate a limited number of credit and debit cardholders whose information was removed from its systems, as well as a smaller group of people whose drivers license details were stolen.

In addition to working with all major credit and debit card firms to help investigate any related fraud, along with law enforcement officials including the U.S. Department of Justice, U.S. Secret Service and the Royal Canadian Mounted Police, TJX said it has directly contacted individuals whose information was known to have been exposed via the intrusion and is offering additional customer support to people concerned that their data may have been compromised.

A number of banks have issued warnings to customers whose data may be involved in the incident, as have the credit card brokers.

TJX said it kept a lid on the details of the intrusion up until now at the request of law enforcement officials. This quiet period has become a common practice as investigators attempt to gather evidence of data incidents before details of the events are made public.

Since the break-in was discovered, TJX said it has "significantly strengthened the security of its computer systems" and hired IT specialists General Dynamics and IBM to help further investigate the intrusion and assess the volume of data that may have been stolen.

This cyber crime which includes TJX companies Winners and HomeSense in Canada, comes on the heels of the loss of data IDing a half-million clients of mutual-funds products of the Canadian Imperial Bank of Commerce (CIBC). Yours Truly happens to be a customer of the latter, but I own no mutual funds. And my East End neiborhood's mall includes a Winners. I don't shop there, and Winners' winners are suddenly losers (how hate I that last word!, but Oh the irony). For a relevant link on CIBC fiasco, see below.

--Owlb

Further Research:

Info Thieves Take Aim at the Enterprise, Matt Hines, Jan11,2k7

CIBC loses data on 470,000 fund clients--Canadians also confirmed as victims in Winners, HomeSense hacking case; Don Macdonald and Emily Mathieu, The Montreal Gazette and National Post, Jan19,2k7