Analysis: As the full extent of TJX’s security breach comes to light, what next?

May 10, 2007

It seems that security breaches are getting worse. Not long after the Nationwide disaster, the full extent of the breach suffered by US retailer TJX - parent company of TK Maxx in the UK - has become clear.

The company has admitted, a full two months after hinting that some kind of breach might have taken place, that "at least" 45.7 million global customer details have been compromised.

The data was accessed by hackers on TJX's systems in Watford, Hertfordshire, and Massachusetts over a 16-month period from July 2005 and covers transactions made by credit and debit card dating as far back as December 2002.

Luckily, TJX reckons at least three-quarters of the affected cards had expired or data had been masked. A spokesperson for UK banking association APACS told the media that the security compromise was "massive" and on a previously unheard-of scale.

TJX has been understandably coy about revealing what security measures were in place. Although initial speculation focused on encryption technology having been compromised through hackers gaining access codes for the software, no official comment has been forthcoming.

Irrespective of the technicalities of how the hackers compromised the company's systems, the incident stands as a salutary lesson to all businesses, from global brands to SMEs. The full impact of the incident on sales remains to be seen, but it's a fair bet that at least a few of those 45.7 million people will think twice before handing over their plastic to TJX again.

This may not have been the best time for UK retailer Matalan to announce its plan to offshore its core IT systems to India and Poland, including point-of-sale, stock control and replenishment, merchandising and finance applications.

Although TJX has managed to bag the biggest breach award, there are plenty of prizes left. UK broadband provider Bulldog lost private details on 100,000 customers.
