A hacker or hackers stole data from at least 45.7 million credit and debit cards of shoppers at off-price retailers including T.J. Maxx and Marshalls in a case believed to be the largest such breach of consumer information.For the first time since disclosing the theft more than two months ago, the parent company of nearly 2,500 discount stores put a number on how much card data was compromised — and it's a number TJX Cos. acknowledges could go still higher.
Experts say TJX's disclosures in a regulatory filing late Wednesday revealed security holes that persist at many firms entrusted with consumer data: failure to promptly delete data on customer transactions, and to guard secrets about how such data is protected through encryption.
"It's not clear when information was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was," said Deepak Taneja, chief executive of Aveksa, a Waltham, Mass.-based firm that advises companies on information security.
Read More
