TJX: security breach happened earlier
TJX Cos. said today that the unauthorized intrusion into its computer system occurred nearly a year earlier than it previously believed.
The Framingham operator of such offprice retail chains as T.J. Maxx and Marshalls offered additional details about a data breach it first disclosed last month.
TJX said today in a statement: "While the company previously believed that the intrusion took place only from May 2006 to January 2007, TJX now believes its computer systems was also intruded upon in July 2005 and on various subsequent dates in 2005. TJX continues to believe there was no compromise of customer data after-mid December 2006."
On Jan. 17, TJX revealed that a hacker had broken into its computers, potentially compromising millions of credit- and debit-card numbers and drivers license data; it's been reported that thieves have used the numbers to make fraudulent purchases from Florida to Hong Kong.
Today TJX said it also now believes that credit-card and debit-card information from transactions at its US and Puerto Rican stores from January 2003 through June 2004 was stolen as were data from credit-card transactions at Canadian stores.
For most of the transactions from September 2003 through June 2004, some of the card information was masked at the time of the transaction, making that portion unavailable to the intruder, TJX said.
Names and addresses were not included with the credit and debit card data believed compromised, TJX said.
Debit card personal information numbers, or PINs; information from transactions at its Bob Stores; and transactions made with debit cards issues by Canadian banks are not believed to have been compromised, TJX said.
The company said it previously reported that it was concerned that T.K. Maxx customer transactions in the United Kingdom and Ireland might have been compromised; today TJX said its investigation has "found evidence of an intrusion to the portion of its computer system that processes T.K. Maxx customer transactions."
While TJX said it continues to suspect that customer information may have been compromised from this portion of its network, the company said it has not been able to confirm any unauthorized access to customer data or any theft of customer data from T.K. Maxx.
(By Chris Reidy, Globe staff)