By DENISE LAVOIE, Associated Press Writer Thu Jan 18, 5:53 PM ET
TJX said hackers had broken into a system that handles credit and debit card transactions, as well as checks and merchandise returns for customers in the U.S. and Puerto Rico and may involve customer accounts from the U.K. and Ireland.
Visa USA said in a statement that it has provided the affected accounts to banks that issue its cards so they can take steps to protect consumers. The company said it is assessing all credit card transactions in real-time to help banks distinguish fraudulent transactions from legitimate ones.
Bank of America and American Express also said they are monitoring their credit cards for unusual activity. Christine Elliott, a spokeswoman for American Express, said the company has not seen any fraudulent purchases.
TJX officials refused to say how many customers had their data stolen or accessed by a computer hacker. The Wall Street Journal reported Thursday that more than 40 million cards may be affected.
Spokeswoman Sherry Lang said the Framingham-based TJX has identified a "limited number" of credit and debit card holders whose information was stolen from its computer system, adding that the number was "substantially less than millions."
A smaller number of customer names with driver's license information was stolen from the system, she said.
Visa and other credit card companies pointed out that consumers are not responsible for fraudulent purchases.
But the news that a computer hacker could have private financial data had customers nervous.
"Of course I'm worried. I charged a lot of purchases at Marshalls over Christmas," said Sara Rafferty, a gas station clerk from Fishers Island, Conn.
"I'm going to go back and check my statements and I'm going to ask my bank for a new card," she said.
Hackers broke into a system that handles credit and debit card transactions, as well as checks and merchandise returns for customers in the U.S., Puerto Rico, and may also involve customers of T.K. Maxx stores in the U.K. and Ireland, Lang said.
The break-in was discovered in mid-December, but was kept confidential until Wednesday at the request of law enforcement officials.
TJX has not been informed of any fraudulent purchases at this point, Lang said. The company has established a hotline for concerned customers, (866) 484-6978, and posted advice on checking credit records on its Web site. The company said it has hired General Dynamics Corp. and IBM Corp. to upgrade its security system.
Mike Cook, a co-founder of ID Analytics, a San Diego-based company that detects and prevents identity fraud, said only a small percentage of accounts involved in a data breach end up misused.
"If you are a consumer and you're part of the TJX breach, you are hoping it's 10 million people because the chance of your name being misused goes down considerably depending on the size of the data breach," Cook said.
AP Business Writer Eileen Alt Powell contributed to this report.
Copyright © 2007 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.