Stolen TK Maxx credit card details used to commit fraud

Security breach at parent comapny TJX led to fraud in US, Europe and Asia, according to Massachusetts Bankers Association.

Customer data stolen from TJX, the company behind high street store TK Maxx, has been used to defraud credit and debit card users in the US, Europe and Asia.

The data was taken after hackers broke into a system containing financial information of customers in December last year. Only last week did the company admit systems had been breached.

"We were extremely disappointed when we determined that we have suffered an unauthorized intrusion into our computer systems that process and store information related to customer transactions," said Ben Cammarata, chairman and acting chief executive of TJX in a statement.

The company did not divulge the extent of the breach but said that the involved the portion of TJX's computer network that handled credit card, debit card, cheque, and merchandise return transactions for customers of its T.K. Maxx shops in UK and Ireland where the company has 200 shops. The breach as affected its stores in the US as well as other chains operated by the group around the world.

It said that it was conducting a full investigation with the assistance of several computer security and incident response firms.

"Since discovering this crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems and we believe customers should feel safe shopping in our stores," said Cammarata.

But the Massachusetts Bankers Association (MBA) said that nearly 60 banks in the state had reported fraud connected to the data theft. It said in a statement that fraudulent use of debit and credit card data had been used to make purchases in Florida, Georgia, and Louisiana in the US, and Hong Kong and Sweden overseas. The association said that it expected the number of banks reporting incidences to be far higher.

Daniel Forte, president of the MBA said that the card companies would notify banks which in turn would issue affected customers with new cards and the banks would contact the customer to let them know what is happening.

"In rare circumstances, in a rush to protect you, your card could be cancelled before the communication reaches you," he said.

"It is critical that the card associations - Visa, MasterCard, etc. - and public officials carefully evaluate whether the source of the breach should be identified quickly and be held liable for a data breach, particularly if the information being stored is in violation of card network rules," said Forte.

Analysts said that this current breach is symptomatic of systems that have failed to keep up to date with current security practices.

"There is a lack of security in the retail industry and that doesn't surprise me at all," said Andy Kellett, senior research analyst at Butler Group. "The details that stores keep on credit card details go back a number of years and it will be card numbers from the last couple of years that will interest criminals the most."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021