TJ Maxx Security Breach Happened A Year Earlier Than Previously Reported

From the Boston Globe:

“TJX Cos. said today that the unauthorized intrusion into its computer system occurred nearly a year earlier than it previously believed.

The Framingham operator of such off-price retail chains as T.J. Maxx and Marshalls offered additional details about a data breach it first disclosed last month.

TJX said today in a statement: ‘While the company previously believed that the intrusion took place only from May 2006 to January 2007, TJX now believes its computer system was also intruded upon in July 2005 and on various subsequent dates in 2005. TJX continues to believe there was no compromise of customer data after mid-December 2006.’”

That’s awesome, guys. Way to be on the ball. TJ Maxx says that credit card and debit card information from January 2003 through June 2004 has been stolen.

At this point it might be best to assume that your credit/debit card information has been stolen if you’ve ever shopped at TJ Maxx/Marshalls. They don’t seem to have any idea what is going on. TJ Maxx has a toll-free line at 866-484-6978 for customers with questions about the situation.

MEGHANN MARCO

TJX: security breach happened earlier [Boston Globe] (Thanks, Kalun!)

PREVIOUSLY: TJ Maxx and Marshall’s Hacked



  1. ElizabethD says:

    Ugh. I shopped a zillion times at TJ Maxx and Marshall’s during that time period, using my Amex card.

    “At this point it might be best to assume that your credit/debit card information has been stolen if you’ve ever shopped at TJ Maxx/Marshalls.” — Really? We haven’t noticed any odd activity on that account. My husband monitors all our transactions online every other night or so. Well, it’s something to consider. Thanks.

  2. WV.Hillbilly says:

    I believe Home Goods is owned by TJ Maxx/Marshalls, so you’re affected if you’ve shopped there as well.

  3. Katharine says:

    I just got a letter in the mail from my bank telling me they are sending me a new debit card and PIN because of this. I don’t know if I am one for a reason or if everyone is getting one. I don’t have any weird activity on my card though.

  4. Dont Know Me? You Are Me. says:

    For those who have shopped there during that time frame, just because your card hasn’t yet been used by someone else doesn’t mean it won’t. There are very active, developed underground trading networks that deal in large databases of stolen CC numbers. It may well be that it’s just a matter of time if you still have the same card number.

  5. etinterrapax says:

    I just got my new debit card and PIN for this. My bank sent me a letter saying that the card companies had made a list of compromised numbers available to them, and mine was one. I have no recollection of shopping at any TJX businesses during the breach period, but who cares. I’m glad my bank was on top of things. Bottom line, though, is that there is a list, and if my tiny regional bank had access to it, larger banks ought to have it also. That’d save getting a replacement if you didn’t need it for this.

  6. superbmtsub says:

    I shop at Marshalls quite a bit but my old Visa card expired in January … last month. HAHA! I’m FWREEE!

  7. mconfoy says:

    Ours was stolen. Had to cancel the card. Did they call and tell us? No. Did they even mention how it got stolen? No.

  8. coraspartan says:

    I also just got a new debit card and PIN as a result of this. All of my banking is done through a tiny northern Michigan credit union. If THEY know about it, then I can’t imagine all banks & credit unions don’t.

    I was very happy they were on top of this. This is yet another reason that I will never switch from my no fee, fantastic credit union to a crappy, fee-charging bank like Bofa.

  9. acambras says:

    I had to get a new debit card after my old number was compromised in mid-January.

    Of course I don’t know exactly where it was compromised — TJX? Stop and Shop? Who the hell knows?

  10. orielbean says:

    I think the Stop & Shop one was a very local issue where keypads were compromised. The TJX breach was more of the traditional, scary, central database being hacked.

    What sucks here, and is demonstrated by this story – the hackers are very good at covering their tracks. If they spoof an admin login, there is no telling how far back this goes.

    We need a consumer lobby to push for stiffer laws that truly protect our data, not just give us a free credit report and a f*ck you every time that this keeps happening.

  11. opsltd says:

    I thought I would throw this out there for everyone to digest.
    I have previously shopped at these “wonderful” establishments, and in the past month I have had to cancel and get re-issued two credit accounts.
    I found, on four separate occasions, a charge for $10.00 even to four different made-up companies with four different contact phone numbers. Each of these charges occurred on or about the 10th of each month. (One account three times, the other once, Dec 06, Jan 07, Feb 07 time frame)
    I am embarrassed that I did not catch it sooner, but the small $10 charge did not catch my attention.
    All of you might want to check your credit card statements for similar charges.
    It might be a coincidence, but it is a big one at the very least.

  12. megnificent says:

    I did some Christmas shopping at Marshalls last November, so I was expecting my bank (SunTrust) to send me a new debit card and PIN. A week goes by and nothing happens. So, I call their 800 number and ask why I was not sent a new card. Their response? “We’re monitoring the affected accounts and will take action as necessary.” Monitoring my account? Like TJX monitored their security? I don’t think so. After all, wouldn’t I be responsible for the first $50 if my card # was stolen? I asked for a new card and the lady I was speaking to told me that wasn’t necessary. I had to ask for a new card 3 times before she finally agreed to do it. I’m assuming they were trying to save money by not sending new cards to all compromised customers.

    Bottom line, don’t wait for your bank to send you a new card. Assume your card was stolen and ask for a new one.