, SecurityFocus 2007-10-26
Story continued from Page 1
The thieves managed to continue accessing the company's servers for the next 18 months until December 2006, when TJX became aware of the issues. In total, more than 80 gigabytes of data were transferred from the company's network, forensic analysis revealed.
The thieves sold off the card numbers, kicking off an epidemic of fraud. Between $68 million and $83 million in fraud in 13 countries can be attributed to the TJX breach, according to an excerpt of an August 31 deposition of Joseph Majka, vice president of investigations and fraud management at Visa USA. Visa's estimate of the damage caused by the breach will only increase, Majka stated.
"Due to the sheer number of accounts that are believed to be exposed and compromised," the damages will likely rise, the executive stated during his deposition. "You know, these are going to be sold off for a period of time in the future, so it's going to continue for some time out there."
As of June 2007, Visa established that 65 million unique accounts had been compromised because of the breach, Majka stated. Mastercard International estimated that at least 29 million cards of its cards had been compromised, the card company's Director of Fraud Management Neil Maguire stated in an excerpt from his September 27 deposition.
The 94 million cards is more than twice TJX's original estimate of the extent of the breach: 46.5 million.
If you have tips or insights on this topic, please contact SecurityFocus.