TJ Maxx Data Thieves Caught Buying $8 Million in Walmart Gift Cards

Stolen TJX data has been linked to 6 arrests in the Miami area. According to the AP, the ID thieves exploited a Walmart gift card loophole that allowed them to buy multiple $400 gift cards without showing ID, which they would then redeem or sell.

From the AP:

“Losses experienced by Wal-Mart and the banks issuing the credit cards currently total more than $8 million in Florida and are still being calculated,” a release from the department said.

Framingham, Mass.-based TJX discovered in mid-December that customer data had been stolen by computer hackers and used to make fraudulent debit card and credit card purchases, but did not inform the public of the breach until mid-January. TJX, parent of T.J. Maxx, Marshalls, HomeGoods and other chains, later said it took a month to make the breach public because it was trying to prevent further damage.

The company at first thought the intrusion began in May 2006 and ran into January, but later said it found the breach started nearly a year earlier, in July 2005.


Florida arrests linked to data theft from TJX systems [Boston Globe]
Stolen Data From T.J. Maxx Parent Company Surfaces In Florida Wal-Mart Fraud [Information Week]

PREVIOUSLY: TJ Maxx Security Breach Happened A Year Earlier Than Previously Reported
T.J. Maxx Credit Card Breach Probed By MA & RI AGs
(Photo: Jels)


Edit Your Comment

  1. Walmart refuses to remove rat poisoned pet food of their shelves, ditto for nazi tshirts, pays their employees so low that they go on public assistance, discriminates… and now add to the list: Promoting Identity Theft.


  2. mopar_man says:

    I’m glad to see Wal-Mart getting ripped off for a change. It’s unfortunate for everybody else involved though.

  3. kenposan says:

    Couldn’t they have at least went to Target? LOL

  4. esqdork says:

    The theives should have their hands cut off.

  5. itmustbeken says:

    My wife had her purse stolem 2 weeks ago, the first place they went to was WalMart. This is where the “flies are attracted to sh___” joke should go.

  6. jaredharley says:

    Ahhh, yes, I remember the TJX debacle. During that month before the press release, Citi Bank sent me a new credit card (4345 2280 just kidding) with a letter saying “Here’s your replacement card for the one you reported lost/stolen.” Of course, I had done no such thing, so I called them up. The CSR explained that TJX had reported my number (along with hundreds/thousands of others, I’m sure) possibly stolen to Mastercard, who then passed along the info to Citi Bank. They decided to take a proactive approach and automatically issued everyone new account numbers and cards. Despite my confusion, I thought it was pretty nice thing of them to do – I don’t remember it, but apparently I once used that card at a TJX store – I never would have thought twice about it until the fraudulent charges showed up in my account.

  7. Kind of off topic, but I recently arranged a vacation paying with an account I haven’t used before. I only made online transfers between two checking accounts.

    Going from inactive, to highly active in a 24 hours period must have signaled some alarm as Wells Fargo cancelled the card, and I got a new one in the mail like two days later. I didn’t even know it was cancelled until I got the new card.

    Pretty nifty.

  8. Katharine says:

    My bank issued me a new card and pin also because there was a possiblity that my number could have been taken during this mess. I just had to activate it today. I think a lot of banks are being proactive about it because it is cheaper for them then having to track down a bunch of stolen money.

  9. Jason-Ryan-Isaksen says:

    They probably went to Walmart because they have those new self serve checkouts which is a stolen credit card thiefs dream come true, since nobody will even notice a guy is using a womans credit card.

    For online purchases I’d recommend the Amex Blue card. I use it for everything online since it has no annual fee, seven months of chargeback protection, and you can order a card reader for it which you put on your computer and when you swipe it, it makes a one time use credit card number tied to that account. Great for when you don’t want to worry it’s going to get stored in some database for years.

    A lot of the problems is the issuers and retailers though. CCV numbers are not allowed to be kept after the transaction, but most online sellers keep it anyway, also the exp date isn’t checked, it’s just checked to see if it’s expired or not. If they didn’t store those CCV numbers things would be a lot more secure when their database is hacked and stolen.

    With Visa/MC the chargeback period where you’re protected ranges between 2 and 6 months, depending on the issuing bank. I’d ask what this time frame is before there’s a problem. Of course the chance some waiter is going to copy your number down is a risk also, but they can do just one at a time, hackers want a million at a time which is a lot more damaging.

    We really do need stronger laws on the books, and manadatory sentencing guidlines like in drug cases when a certain number of thefts (card numbers) are done by a person.

    The problem is that the fraud orders are the burden of the person selling an item, plus they get socked with a $25 chargeback fee so the credit card companies don’t have any reason to change, they make billions each year off those fees, and they don’t risk anything anyway, it’s the merchants problem if they ship a notebook.

    Jason Isaksen

  10. FLConsumer says:

    They chose Mal-Wart because they’re from La Republica de Miami, the only 3rd world country within the United States. For many of them, Mal-Wart is an upgrade from their surroundings. Miami — it’s a sewer.