Press Releases

Browse our press release archive

30 Mar 2007

TJ Maxx retail giant admits hackers stole 45 million credit card details

Largest credit card heist in history steals information from high street shoppers

Sophos, a world leader in IT security and control, has reminded consumers of the importance of checking their credit card statements after it was revealed that retail giant TJX has had details of at least 45.6 million credit cards stolen from it by hackers.

TJX, the parent company of TJ Maxx, TK Maxx, Marshalls, HomeGoods, AJ Wright, Winners, and HomeSense, discovered suspicious software on its computer systems in late December 2006. In the following days the retail giant determined that files carrying credit card, debit card, check and unreceipted merchandise return transactions had been accessed illegally since July 2005.

Statement on TJX website
TJX has published information on its website for customers who may be affected by the loss of credit card data.

"Many consumers are nervous about using their credit cards online, but in this case - probably the biggest heist of credit cards in history - the information stolen was from shoppers who had walked into a high street store, and bought their clothing face-to-face using plastic," said Graham Cluley, senior technology consultant for Sophos. "Big businesses must defend their systems from these kind of intrusions or risk undermining customer confidence. Consumers meanwhile need to keep a close eye on their credit card accounts and raise a flag if there are unexpected debits which could be the work of fraudsters."

A statement on TJX's website acknowledged that precise details of what had occurred remained sketchy:

The fact that TJX has not managed to identify customers who may be affected by the security breach has raised concern amongst some shoppers.

"It's understandable that people should be concerned that their credit cards may have fallen into the hands of hackers through no fault of their own. Members of the public who identify unauthorized or suspicous card use should contact their bank immediately," advised Cluley.

In 2005, a payment-processing center in Atlanta became the target of a successful hacking attack when an estimated 40 million credit card details were stolen.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.