TJX Companies, Inc., the parent company of T.J. Maxx, Marshalls and other discount stores said Wednesday that part of its transaction system had been breached by attackers who stole an unspecified amount of customer data.
The company said it discovered in December that an attacker had used discovered and exploited a flaw in the system it uses to handle credit cards, debit cards, check and merchandise returns.
The company asked investigators not to immediately reveal the incident, which involved data on customers who shopped between 2003 and December of 2006 at T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico and possibly the U.K. and Ireland. U.S.-based customers of Bob's Stores, which TJX also owns, could also be affected.
A TJX spokesperson said the losses involved a "relatively small number" of customers, who the company will contact directly. TJX has hired General Dynamics Corp. and IBM to assess the loss and secure its systems.
The original version of this story was published on SearchSecurityChannel.com sister site SearchSecurity.com.