Dubious Distinction: 45 million credit and debit card records may have been compromised.
TJX, the parent company of T.J. Maxx, Marshall's, and other retailers, disclosed in a Securities and Exchange Commission filing last week that more than 45 million credit and debit card numbers may have been stolen from its IT systems over an 18-month period, making it the largest customer data breach on record. TJX revealed the cybertheft in January but had declined to provide details. The SEC filing indicates a company with haphazard data security practices, at best.
TJX doesn't know "whether there was one continuing intrusion or multiple, separate intrusions," according to the filing. TJX discovered the break-in on Dec. 18, and it most likely dates back to July 2005. The cyberthieves may have stolen card data from TJX's Framingham, Mass., computer system during the approval process, in which payment data is transmitted to card issuers without being encrypted.
TJX recorded a fourth-quarter charge of about $5 million to cover the costs of containing and investigating the breach, as well as improving the security of its IT systems, communicating with customers, and paying legal fees. The Federal Trade Commission has launched an investigation of TJX, and lawsuits have begun to fly, including one by the Arkansas Carpenters Pension Fund, which owns 4,500 shares of TJX stock.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.