The credit and debit card data of a large number of shoppers in the U.S., Puerto Rico and Canada, and possibly in the U.K and Ireland, may have been compromised as the result of a hacking incident at The TJX Companies Inc. last month. According to a statement issued today by the Framingham, Mass.-based retailer, the network intrusion took place in mid-December and involved systems used to process credit, debit, check and merchandise-return transactions at its TJ Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S and Puerto Rico.
Also affected was customer transaction data from TJX's Winners and HomeSense stores in Canada, the company said. Data collected at its T.K. Maxx stores in the U.K and Ireland, and at its Bob's Stores unit in the U.S. may have been put at risk as well. "While TJX has specifically identified some customer information that has been stolen from its systems, the full extent of the theft and affected customers is not yet known," the company said in its statement.
Credit and debit card data involving transactions processed during 2003 and between May and December of last year may have been accessed as part of the intrusion, according to TJX. The company said that thus far, it has identified "a limited number" of card holders whose data was removed from its systems. All major card brands accepted by TJX have been affected, including Visa, MasterCard, American Express and Discover. In addition, the retailer said it has identified "a relatively small number" of customers whose driver's license information was also stolen from the compromised systems. No information was released on the total number of people that might have been affected by the breach. Neither did TJX disclose any details on how exactly the intruder gained access to the systems and the data.