The 8 largest information security breaches: TJX Companies Inc., 2006-2007

In Information Security ByTeam Acumin / 31st August 2015

At the time, the TJX Companies data breach of 2006-07 was the biggest consumer data security breach in U.S. history, making headlines across the globe, and giving consumers and corporations alike a serious wakeup call.

What happened?

In 2007, it was discovered that hackers had gained access to TJX databases, which contained the details of millions of people in the United States, due to the fact that the company stored data for a number of big retail brands, including HomeGoods and T.J. Maxx.

What made this breach so concerning was the fact that hackers had managed to gain access to many of these people’s credit and debit card details over a period of 18 months.

Around 450,000 of the company’s clients also had personal details such as their driving license numbers and addresses stolen in the breach.

How many records were accessed?

A minimum of 46 million records were accessed in this breach, although the true number affected by the hack could actually be closer to 90 million, if some experts are to be believed.

How it happened

This whole sorry saga could have been avoided if only the executives at TJX had taken information security more seriously. The corporation failed to correctly secure its network, using only WEP encryption, which has been known to be unsafe since at least 2001. This enables hackers armed with a telescope-shaped antenna to crack the key and gain access to the credit card details of millions.

What’s happened since?

Taking into account legal actions against the company, this data breach cost TJX a total of $256million. During the investigation, it was also found that Albert Gonzalez, one of the people responsible for the Heartland data breach, was also involved in the hacking of the TJX system.