Sophos, a world leader in IT security and control, has reminded
consumers of the importance of checking their credit card
statements after it was revealed that retail giant TJX has had
details of at least 45.6 million credit cards stolen from it by
hackers.
TJX, the parent company of TJ Maxx, TK Maxx, Marshalls,
HomeGoods, AJ Wright, Winners, and HomeSense, discovered suspicious
software on its computer systems in late December 2006. In the
following days the retail giant determined that files carrying
credit card, debit card, check and unreceipted merchandise return
transactions had been accessed illegally since July 2005.
TJX has published information on its website
for customers who may be affected by the loss of credit card
data.
"Many consumers are nervous about using their credit cards
online, but in this case - probably the biggest heist of credit
cards in history - the information stolen was from shoppers who had
walked into a high street store, and bought their clothing
face-to-face using plastic," said Graham Cluley, senior
technology consultant for Sophos. "Big businesses must defend their
systems from these kind of intrusions or risk undermining customer
confidence. Consumers meanwhile need to keep a close eye on their
credit card accounts and raise a flag if there are unexpected
debits which could be the work of fraudsters."
A statement on TJX's website acknowledged that precise details
of what had occurred remained sketchy:
"We do not know who the intruder was,
or if there were one or more intruders... Due to the type of
technology used in the intrusion as well as deletions of
transaction data in the ordinary course, we can't now, and believe
that we may never be able to, identify much of the information
believed stolen."
The fact that TJX has not managed to identify customers who may
be affected by the security breach has raised concern amongst some
shoppers.
"It's understandable that people should be concerned that their
credit cards may have fallen into the hands of hackers through no
fault of their own. Members of the public who identify unauthorized
or suspicous card use should contact their bank immediately,"
advised Cluley.
In 2005, a payment-processing center in Atlanta became the
target of a successful hacking attack when an estimated 40 million
credit card details were stolen.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.