Welcome to TBO.com. Skip directly to: our Keyword Search, Section Navigation, Content.
WFLA News Channel 8 The Tampa Tribune CentroTampa.com

TBO.com - Tampa Bay Online

Print This Print Bookmark and Share XML Feed For This Channel

TBO > News

TJX Breach Traced To Miami

ADVERTISEMENT

The Associated Press

Published: September 26, 2007

BOSTON - Hackers stole millions of credit card numbers from discount retailer TJX Cos. by intercepting wireless transfers of customer information from two Miami-area Marshalls stores, according to an eight-month investigation by the Canadian government.

The investigation led by Canadian Privacy Commissioner Jennifer Stoddart faulted TJX for failing to upgrade its data encryption system and for retaining years-old customer data that should have been quickly purged from the company's data systems.

Among TJX's stores are T.J. Maxx and HomeGoods.

Framingham, Mass.-based TJX disclosed the breach in January, but the company and U.S. government investigators have yet to publicly disclose how they think intruders initially broke in to TJX's systems in a theft that exposed at least 45 million credit and debit cards to potential fraud.

'The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it - putting the privacy of millions of its customers at risk,' said Stoddart, who announced the findings at an information security conference in Montreal on Tuesday.
TJX spokeswoman Sherry Lang said her company worked collaboratively with Canadian authorities and would adopt their recommendations to upgrade its information security.

'While we respectfully disagree with many of the commissioners' factual findings and legal conclusions, we have chosen to implement their recommendations, having already implemented most of them, with the remainder in process,' Lang said.

The recommendations include steps to mask driver's license information collected when customers return merchandise without receipts.

Stoddart, who investigated the breach along with Alberta Information and Privacy Commissioner Frank Work, said her office learned from TJX that the hacker or hackers' entry point was a local area wireless network at two Miami-area Marshalls stores.

Such networks collect and transmit data via radio waves about customer purchases, including payment card data, although wireless transmissions can be intercepted by means such as antennas. Although such data typically is encrypted, Canadian officials said TJX used an encryption method that was outdated and vulnerable to hackers at the time of the breach.

Share this:
Loading Comments...
Loading
Print This Print Bookmark and Share XML Feed For This Channel
 

ADVERTISEMENT

Advertisement

IYP and SEO vendors: SEO by eLocalListing | Advertiser profiles
Share This Story With A Friend
Oops! Your email could not be sent because of the following errors:
TJX Breach Traced To Miami
* Please separate multiple email addresses with commas.
* To:
Your Name:
Your Email Address:
Personal Message [optional]:
Print This Story
TJX Breach Traced To Miami

The Associated Press