Hackers infiltrated network systems - potentially accessing the personal details of millions of shoppers - at TJX companies for a longer period than the discount clothing retailer initially thought.
TJX said investigators have determined the company’s network was actually breached in July 2005 and later that year, according to a statement released on Wednesday. When the company reported the breach last month, it believed intrusions only occurred from May to December 2006.
In addition, the company said credit and debit card transactions completed between January 2003 and June 2004 at its US, Puerto Rican and Canadian outlets were compromised. TJX previously reported that the data was "potentially" accessed.
The corporqtion also said it has discovered evidence that the portion of its network that processes T.K. Maxx transactions may have also been hacked. T.K. Maxx stores are located in the UK and Ireland.
While some criticised TJX for failing to initially report the extent of the breach, customers should give the company a pass, said Miriam Wugmeister, head of the privacy and data security practice at Morrison and Foerster law firm in New York.
"It can be very difficult for organisations to quickly assess how much information has been compromised," she told SCMagazine.com today. "Sometimes, accurate information is equally important."
TJX still has not revealed how many customers have been affected, although industry experts suspect millions could be impacted.
"With the help of computer security experts, we have strengthened the security of our computer systems, and we believe customers should feel safe shopping our stores," Carol Meyrowitz, the company’s president and CEO, said on Wednesday in a letter to customers. "We value the trust our customers place in us and again, I’d like you to know that we sincerely apologise for any difficulties we may have caused."