The massive data breach at $16 billion retailer TJX involved someone apparently armed with the chain's encryption key, but it might not have been needed as the cyber-thief was accessing data during the card-approval process before it was encrypted. These are among the latest details in what is almost certainly the worst retail data breach ever. In a 10-K filing to the federal SEC (Securities & Exchange Commission), TJX said it didn't know who the intruders were, but it did provide more details about what they say happened that led to the card information of some 46 million consumers to get into unauthorized hands.
The intruder or intruders here apparently planted software in TJX systems to capture data throughout the day and they also engaged in an increasingly popular tactic: post-event cleanup. That's where intruders spend extra effort cleaning up their tracks—deleting and otherwise tampering with log files, changing clock settings and moving data to hide their movements.