TJ Maxx Update- More Customers Screwed

TJMaxx is still investigating their massive security breach that I wrote about here. And as is most often the case when you do a real investigation, they have uncovered more extensive exposure of data than was previously known and reported.

Specifically, drivers license information that TJMaxx records whenever someone returns a product without a receipt may have been compromised. From CNET here:

The TJX Companies, the discount retailer best known for its T.J. Maxx and Marshalls clothing stores, said Wednesday that its hacking investigation has uncovered more extensive exposure of credit and debit card data than it previously believed.

The breach of credit and debit card data was initially thought to have lasted from May 2006 to January. However, TJX said Wednesday that it now believes those computer systems were first compromised in July 2005.

In addition to these exposures, TJX said there were more breaches of driver’s license information than it previously thought. These included the license numbers, names and addresses of customers making merchandise returns in the U.S. and Puerto Rico locations of T.J. Maxx, Marshalls and HomeGoods stores. That compromised data, according to TJX, is restricted to returns without receipts that took place in the last four months of 2003, as well as in May 2004 and June 2004.

TJX plans to notify customers whose driver’s license data may have been accessed.

TJMaxx has been forthright with their customers on this data breach and they should be applauded for how they have handled the incident, investigation and cleanup.