TJX breach total: over 45.7 million card numbers stolen

I reported on this earlier, but only now are we learning the scope of the breach. “_At least 45.7 million credit and debit card numbers were stolen by hackers who broke into the computer systems at the TJX Cos. in Framingham and the United Kingdom and siphoned off data over a period of several years, making it the biggest breach of personal data ever reported, according to security specialists. TJX, the Framingham discounter that operates the T.J. Maxx and Marshalls clothing chains, also reported in a regulatory filing yesterday that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers’ license numbers. ‘It’s the biggest card heist ever,’ said Avivah Litan, vice president of Gartner Inc. ‘This was obviously done over a long period of time, in many locations. It’s done considerable damage.’_”

There’s been news that the cards have been used for months now, and now Consumerist covers the ongoing “how did this happen” question. “_TJMaxx computer system intruders who stole 45.7 million credit cards. **The worm operated undetected for at least 18 months**, capturing credit card numbers, then changing timelogs and moving data around to erase its tracks. Initial speculation suggested that the thieves had access to the retailer’s encryption key. Now it may be that the program captured data before it was encrypted. If the latter, the ramifications are immense, as **it means every single retailer’s credit card processing system is at risk**._”