It's official: about 45,6-million people have had their credit card details stolen in ongoing hacking from a US retail giant's internal computer systems.
Shoppers are constantly cautioned to beware of theft when shopping online, but the latest news highlights that they could be just as vulnerable shopping at a physical store.
TKX, the parent group for a number of US-based stores, discovered suspicious software on its computer systems in late December 2006. In the following days the retail giant determined that files carrying credit card, debit card, check and unreceipted merchandise return transactions had been accessed illegally since July 2005.
"Many consumers are nervous about using their credit cards online, but in this case – probably the biggest heist of credit cards in history – the information stolen was from shoppers who had walked into a high street store, and bought their clothing face-to-face using plastic," says Graham Cluley, senior technology consultant for Sophos.
"Big businesses must defend their systems from these kind of intrusions or risk undermining customer confidence. Consumers meanwhile need to keep a close eye on their credit card accounts and raise a flag if there are unexpected debits which could be the work of fraudsters."
A statement on TJX's website acknowledges that precise details of what had occurred remained sketchy: "We do not know who the intruder was, or if there were one or more intruders … Due to the type of technology used in the intrusion as well as deletions of transaction data in the ordinary course, we can't now, and believe that we may never be able to, identify much of the information believed stolen."