Post by Admin on Mar 31, 2007 4:42:29 GMT
LONDON (Reuters) - Customers of the T.K. Maxx discount chain were warned on Friday to check their credit card statements after millions of card details were stolen from the store's American owner.
In one of the world's largest such thefts, U.S. retail group TJX said that information from about 45.7 million credit and debit cards was stolen in a computer data security breach over an 18-month period.
The firm said personal information -- including names, addresses and personal ID numbers -- of about 451,000 people who returned merchandise without a receipt was stolen, adding to 3,600 it had previously identified.
The company operates T.K. Maxx in Britain and Ireland, as well as T.J. Maxx and Marshall's chains in North America.
In a message on its Web site, it said credit and debit card customers in Britain should check their statements for any unauthorised transactions.
The company gave the details of the data theft in a regulatory filing to the U.S. Securities and Exchange Commission late on Wednesday, more than two months after first disclosing that its computer system had been compromised by hackers.
Data from about 75 percent of cards had either expired or had masked data, meaning that the card numbers were not readable, the company said in the filing.
It said it did not believe PIN numbers were stolen, as they were not stored on its British computer in Watford and encrypted on its American system in Framlington, Massachusetts.
The company said it believes its computer system was accessed by an unauthorised user in July 2005, then on subsequent dates in 2005 and from mid-May 2006 to mid-January 2007.
It added that no customer data was stolen after December 18, 2006.
The information stolen mainly related to transactions made between 2003 and 2004.
The company said it had contacted Scotland Yard and the UK Information Commissioner about the breach.
Sandra Quinn, of British payments system Apacs, told BBC radio the theft was on a scale not heard of before but said much of the lost data would be out of date.
"I'd like to reassure customers that if they were doing transactions with T.K. Maxx between 2003 and 2004 they will generally now have a brand new debit or credit card in their wallet, so they can be sure that it will be the old details on the card that has been compromised, not their current card," she said.
Last week six people in the Miami, Florida area were arrested in connection with the purchase of hundreds of thousands of dollars worth of gift cards from Wal-Mart Stores and Sam's Club with credit and debit cards suspected of coming from the TJX security breach, according to media reports.
