Discount retailer TJX Cos. outlined a massive customer data theft in a regulatory filing late Wednesday, with stolen information covering transactions dating back as far as December 2002.
Media reports said at least 45.7 million credit and debit card numbers were stolen. The company (TJX) , whose stores include TJ Maxx, Home Goods and Marshall's, said it learned of the suspicious software on its computer system on Dec. 18, 2006.
The following day it immediately initiated a probe and hired General Dynamics Corp. (GD) and International Business Machines (IBM) to help in the investigation. TJX first disclosed the breach on Jan. 13.
TJX said information was stolen from a portion of its computer systems in Framingham that process and store information related to payment card, check and unreceipted merchandise return transactions for customers in T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico and the Winners and HomeSense stores in Canada.
