
TJX breach total: over 45.7 million card numbers stolen

I reported on this earlier, but only now are we learning the scope of the breach.

“At least 45.7 million credit and debit card numbers were stolen by hackers who broke into the computer systems at the TJX Cos. in Framingham and the United Kingdom and siphoned off data over a period of several years, making it the biggest breach of personal data ever reported, according to security specialists. TJX, the Framingham discounter that operates the T.J. Maxx and Marshalls clothing chains, also reported in a regulatory filing yesterday that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers’ license numbers. ‘It’s the biggest card heist ever,’ said Avivah Litan, vice president of Gartner Inc. ‘This was obviously done over a long period of time, in many locations. It’s done considerable damage.’”

There’s been news that the cards have been used for months now, and now Consumerist covers the ongoing *how did this happen* question.

“TJMaxx computer system intruders who stole 45.7 million credit cards. The worm operated undetected for at least 18 months, capturing credit card numbers, then changing timelogs and moving data around to erase its tracks. Initial speculation suggested that the thieves had access to the retailer’s encryption key. Now it may be that the program captured data before it was encrypted. If the latter, the ramifications are immense, as it means every single retailer’s credit card processing system is at risk.”
