TJX Cos.' data-breach woes stemmed from hackers intercepting wireless transfers of customer information at two Miami-area Marshalls stores, an eight-month investigation by the Canadian government concludes.
TJX's failure to upgrade its encryption system allowed the electronic eavesdropping beginning in July 2005 and continuing for a year and a half, the report says. At least 45 million credit and debit cards were exposed to potential fraud, according to an Associated Press story on Newsvine.com.
Concludes Canadian Privacy Commissioner Jennifer Stoddart:
"The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it -- putting the privacy of millions of its customers at risk."
According to vnunet.com, the company has agreed to a settlement of the huge class-action lawsuits filed after the breach. Customers whose credit card and personal information were stolen and used fraudulently will be given three years of free credit monitoring and identity theft insurance. Those whose credit card information was stolen but not used will be offered store vouchers.
The company's costs related to the breach are estimated at roughly $128 million.