Personal information stolen from the databases of TJX Companies has been used in fraudulent credit card purchases in the United States and abroad, according to one banking organization.
The Massachusetts Bankers Association (MBA) reported this week that criminals have used the private data for acquisitions in Florida, Georgia, Louisiana, Hong Kong and Sweden.
TJX, based in Framingham, Mass. said last week in a statement that the extent of the breach was unknown, but hackers may have been stealing private information for up to three years before their actions were detected last month.
The breach affects credit card, debit card, check and merchandise return transaction information for customers of T.J. Maxx, Marshalls, Homegoods and A.J. Wright stores in the U.S. and Puerto Rico and Winners and HomeSense stores in Canada.
The incident also may affect customers of Bob’s Stores in the U.S. and T.K. Maxx in the United Kingdom and Ireland.
Daniel J. Forte, MBA president and CEO, said Wednesday in a statement that the reports of fraudulent purchases could lead to phishing attacks.
"(Criminals) may want to confirm your personal information, anything that could be matched with what they already have and then, upon getting it, steal your identity with the ability to open new accounts, apply for credit and more," he said.
Nearly 60 banks have told the MBA that they’ve been contacted by credit card companies about compromised cards. That number is likely to grow higher, according to the MBA.
Ben Cammarata, TJX chairman and acting CEO, said last week in a statement that the company has alerted law enforcement officials and information security experts and an investigation is underway. He also advised customers to take measures to safeguard their personal information.
Click here to email Online Editor Frank Washkuch Jr.