• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

« Previous Post | Blog Home | Next Post »

TJX Data Breach Looks Worse Then Ever

Posted on Mar 30, 2007 by Tom Fragala

TJX disclosed the other day that although 2/3 of the customer financial accounts supposedly were expired or had magnetic strip data blocked, the hackers were able to decrypt protected data. (This leaves out the checking accout data that was nabbed.) This breach has so many twists and turns, it’s hard to keep up. And it’s pretty clear TJX doesn’t know a heck of a lot about what happened. More from the WSJ

Information from at least 45.7 million credit and debit cards was stolen by hackers who accessed the customer information of TJX Cos. in a security breach that the discount retailer disclosed more than two months ago.

TJX, the owner of about 2,500 stores, said in a regulatory filing late Wednesday that about three-quarters of those cards had either expired at the time of the theft, or data from their magnetic strips had been masked -- stored as asterisks rather than numbers.

But TJX acknowledged it still knows little about the full scope of the breach, in part because the hacker or hackers accessed TJX's encryption software and could have known how to unscramble the information. In addition, TJX deleted much of the transaction data in the normal course of business between the time of the breach and the time that TJX detected it, making it impossible to know how many total cards were affected.

One thing of note. Notice that the hackers were able to access encrypted data via the encryption software. For those people that think encrypted data is some perfect solution to every identity theft problem, take note. Ecryption doesn’t work if the software and private keys are not protected.