TJX Companies said 45.7 million accounts were compromised over nearly a two-year period, in an update of an investigation into a data breach of customer records. The scope of the breach, which was initially disclosed in January, is far wider than previously believed.
Avivah Litan, an analyst with research company Gartner, said: “This is the largest security breach we’ve ever had worldwide. There was a case at CardSystems where 40 million records were exposed but this one looks like it was a case where the information was stolen.”
TJX, which operates discount retail chains including TK Maxx in the UK and Marshalls and TJ Maxx in the US, released additional details of the breach in a filing with the US Securities and Exchange Commission.
In its filing, TJX noted cyber thieves first accessed its computer systems in July 2005 and installed software to harvest such sensitive customer information as account information, names and addresses, drivers’ licence numbers and military and state identification. The breach continued until mid-January 2007.
Article, News, World, Largets, Security, Breach