TK Maxx shoppers at risk of fraud
In what is being billed as the biggest electronic “bank heist” ever, thieves have stolen the details of45.7 million credit and debit cards after hacking into the computer systems of the store’s owners in the US and Britain.
The British operation of TK Maxx owners TJX stores details of all card payments made at the chain’s 200 discount stores in Britain and Northern Ireland as well as the eight shops in the Republic.
Now customers are being urged to check their bank statement and credit card bills for any irregular transactions and report the loss to their banks.
“We suspect that customer data for payment card transactions at TK Maxx stores in the UK and Ireland has been stolen. We suspect that these files contained payment card transaction data, some or all of which could have been unencrypted and unmasked (and therefore easily readable),” said the company.
TJX said the thieves had used sophisticated software to access its computer systems in Watford, Hertfordshire, and in Framingham, near Boston, Massachusetts.
The information stolen included four years of transactions up to December last year, including information from shoppers who visited the company’s stores in Ireland and Britain.
Most of the data stolen relates to transactions carried out by American shoppers at the TJX group’s 2,000 stores in the USA but TK Maxx has been targeted on both sides of the Atlantic.
In the USA banks and card companies have already found “preliminary evidence” of fraud using the data stolen from companies under the TJX banner.
Last week police charged six people in Florida with using credit card numbers that investigators believe were stolen from a TJX database.
The numbers were used to buy around $1 million (€750,000) worth of electronics and jewellery with gift vouchers.
TK Maxx spokeswoman Sherry Lang said the firm did not know how many of the cardholders affected were shoppers in Britain and Ireland.
The firm has also admitted it does not know who the electronic thieves were, or how many people were part of the scam.
But the firm stressed three-quarters of the details stolen related to cards which had subsequently expired.
Of the 15 million still valid, 3.8 million had encrypted information making it hard for thieves to access, while 11.2 million had clearly accessible data that could be used.
In the US, the owners of TK Maxx have come under fire with banking bosses alleging the company’s systems lacked proper security measures.
Last night bankers in Ireland said Visa and MasterCard, which process card transactions, had high security requirements of retailers who take payments on debit and credit cards.
A spokeswoman for the Irish Payment Services Organisation, which represents banks, said: “If a merchant has been found not to be in compliance it would be taken very seriously and action will be taken.”
TJX said security had been tightened on its computer systems and customers can feel safe shopping in its stores.
A helpline, at calling rates to Britain, has been set up on 00-44-800-779015.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
