Sophos, a world leader in IT security and control, has reminded consumers of the importance of checking their credit card statements after it was revealed that retail giant TJX has had details of at least 45.6 million credit cards stolen from it by hackers.
TJX, the parent company of TJ Maxx, TK Maxx, Marshalls, HomeGoods, AJ Wright, Winners, and HomeSense, discovered suspicious software on its computer systems in late December 2006. In the following days the retail giant determined that files carrying credit card, debit card, check and unreceipted merchandise return transactions had been accessed illegally since July 2005.
TJX has published information on its website for customers who may be affected by the loss of credit card data.
"Many consumers are nervous about using their credit cards online, but in this case - probably the biggest heist of credit cards in history - the information stolen was from shoppers who had walked into a high street store, and bought their clothing face-to-face using plastic," said Graham Cluley, senior technology consultant for Sophos. "Big businesses must defend their systems from these kind of intrusions or risk undermining customer confidence. Consumers meanwhile need to keep a close eye on their credit card accounts and raise a flag if there are unexpected debits which could be the work of fraudsters."
A statement on TJX's website acknowledged that precise details of what had occurred remained sketchy:
"We do not know who the intruder was, or if there were one or more intruders... Due to the type of technology used in the intrusion as well as deletions of transaction data in the ordinary course, we can't now, and believe that we may never be able to, identify much of the information believed stolen."
The fact that TJX has not managed to identify customers who may be affected by the security breach has raised concern amongst some shoppers.
"It's understandable that people should be concerned that their credit cards may have fallen into the hands of hackers through no fault of their own. Members of the public who identify unauthorized or suspicous card use should contact their bank immediately," advised Cluley.
In 2005, a payment-processing center in Atlanta became the target of a successful hacking attack when an estimated 40 million credit card details were stolen.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.