Skip to main content

TJX card hack - more repercussions surface

The widely-publicised systems hack of the TJX group of companies, which includes TJ Maxx, appears to know no limits, as reports are now coming in that punters' card details are still being hawked around the hacker underground.

The reports follow on from a dealer in stolen card numbers being arrested last month, and allegedly found to have a TJX database in his possession.

US IT journalist Richard Stiennon posted an interesting story earlier this week, noting that, whilst TJX has been open on when the system hacks occurred, it hasn't detailed how the incursions actually took place.

This hasn't stopped some news sources from speculating, however - one report in the Wall Street Journal claims that the thieves broke in via a badly configured WiFi access point in a Marshall's store.

Stiennon says that one less circulated story is that thieves broke into multiple TJ Maxx stores via kiosks that were kept in the back of the store for accepting job applications.

"I believe that there were multiple incidents over a period of at least four years and that TJX had such bad security procedures that it was open season on their data by many hackers," said Stiennon.

The ZDNet journalist almost makes some interesting comments about the timelines of the TJX hacks, with police filings apparently pre-dating the TJX claims by around nine months.

Read these fascinating claims here...