Dubious Distinction: 45 million credit and debit card records may have been compromised.
TJX, the parent company of T.J. Maxx, Marshall's, and other retailers, disclosed in a Securities and Exchange Commission filing last week that more than 45 million credit and debit card numbers may have been stolen from its IT systems over an 18-month period, making it the largest customer data breach on record. TJX revealed the cybertheft in January but had declined to provide details. The SEC filing indicates a company with haphazard data security practices, at best.
TJX doesn't know "whether there was one continuing intrusion or multiple, separate intrusions," according to the filing. TJX discovered the break-in on Dec. 18, and it most likely dates back to July 2005. The cyberthieves may have stolen card data from TJX's Framingham, Mass., computer system during the approval process, in which payment data is transmitted to card issuers without being encrypted.
TJX recorded a fourth-quarter charge of about $5 million to cover the costs of containing and investigating the breach, as well as improving the security of its IT systems, communicating with customers, and paying legal fees. The Federal Trade Commission has launched an investigation of TJX, and lawsuits have begun to fly, including one by the Arkansas Carpenters Pension Fund, which owns 4,500 shares of TJX stock.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.