Credit Card Data Leaked By T.J. Maxx Used To Steal Millions Of Dollars Worth Of Goods

from the oh-yeah,-plus-the-shareholders-are-suing dept

This can’t be a good week for TJX, the parent company of T.J. Maxx, Marshalls and a bunch of other retailers. As you probably remember, earlier this year, the company made news after it came out that some scammers had broken in and accessed credit card and other personal info on tens of millions of customers — which many consider to be the biggest such data leak ever. Of course, in many of the other cases of data leaks, the end result, while annoying, didn’t actually involve criminals using the leaked data. No such luck for TJX. A new report says that some scammers in Florida used the data from TJX to create dummy credit cards, and then purchased Wal-Mart and Sam’s Club gift cards which were redeemed for about $8 million worth of goods. It’s interesting to note what brought the scam down was that the scammers started using multiple cards at once — and almost all of the cards were for $400, just under the $500 limit that would require identification.

On top of this latest bit of bad publicity, TJX also has to deal with the fact that one of its largest shareholders is now suing the company over the breach — saying that the company hid important information about the breach from shareholders. This may not be the “Digital Enron” security case that some people are expecting, but it is shaping up to be quite a mess.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Credit Card Data Leaked By T.J. Maxx Used To Steal Millions Of Dollars Worth Of Goods”

Subscribe: RSS Leave a comment
Chuck Norris' Enemy (deceased) says:


Why does a department store need to store a credit card number and personal information for longer than a quick credit card transaction? Why is the information so complete that a thief, which could be a scammer without access or a disgruntled employee with access, could apply for a credit card and get one in someone else’s name. The credit card companies and Wal-Mart must have thought they got a big boost in sales that month. 😀

TheDock22 says:

Re: Re: Whys?

Which laws? As far as I know all they need to keep is the account number, the date purchased and the amount put on the card.

In order to open a new account they would need the person’s Name, Birthdate, SSN, and an address of some sort. If someone was able to use the TJX data to open new credit cards, then all of this information must have been stored (or enough of these pieces that an internet address search could supply the rest).

And the other part of this is the consumer themselves. It’s pretty easy to track your credit history for free. Just go to and every 4-months pull a history from one of the companies. If there is anything suspicious, then you can head it off pretty quick. It would be hard for someone to do a ton of irreversible damage to your credit in a 4-month period.

Sherryl says:

Re: Re: Re: Whys?

It is not just your credit they are after. Credit is only a small part of who you are. “But officer I have never been to Nevada let alone been arrested for prostitution!” exclaimed the 84 year old grandfather. I work within the criminal justice system, you would be amazed what a clever devious person can do with your information.

Keybored says:

Ah the modern age

Technology sucks and big business (and consumers) are paying the price. It’s really quite a shame how we worship money. I drive past these farmers plowing their fields with a big ole’ plow and a team of bulls. Yes I live in rural Pennsylvania USA and I think those hard working men are having the last laugh on us. Too bad we are destroying the world they live in harmony with.

TheDock22 says:

Re: Ah the modern age

Farmers don’t use money? Ha! Come to MT sometime. Every year the farmers complain that it is too dry so they get money from the government for damages. And then last year when we got tons of rain, they complained it was too wet and got fat checks from the government! Living in harmony with nature my but, they are living in harmony with their wallets.

Casper says:

Re: Ah the modern age

You are so out of touch with reality it’s scary. I grew up on a farm and I always worked with computers. To say that technology is the enemy is hypocritical. What do you think a plow is? How about the wheel? Rope? Nails? Knives? Your not logically analyzing the situation.

Technology is not inherently bad, the bad comes from an inferior quality of people. If everyone understood technology, we wouldn’t have this problem. Instead we have people who are either too lazy or too stupid to learn the new technologies, and would rather blame the technology then themselves. When a person is stupid, they hand over their account information to a fishing scam or malware. When a company is stupid, they allow predatory scammers to obtain mass quantities of information or enable scammers to use stolen information without protection for their customers. So, in these situations, you have a stupid person enabling a criminal; not technology defrauding a person. Yes, the criminals have a better grasp on technology then a lot of people (in the US at least), but why is it the technologies fault that the citizens are failing to keep up? Does it really take a rocket scientist to figure out that sending $1000 to someone in Nigeria is a bad idea? How about to figure out that it is a bit odd for a company to need to ask for your password, when they have it on file?

How about rather then blaming everything else, we start looking at the person or company at the center of the problem. Just because someone is a “victim”, does not mean they are innocent.

Ummm.... says:

Re: Re: Ah the modern age

You obviously haven’t ever toured the Amish community in order to gain insight and understanding into their way of life. They do not reject modern technology as a whole. They reject anything that endangers their family members from getting separated from each other. Things like electricity allow things like radio, TV, computers, etc. to come into the home, and when a person gets wrapped up in those things, that means they aren’t spending time with the family. Vehicles allow people to easily travel far away…from the family. And so on. If the horse and buggy isn’t good enough to go into town, they catch rides on buses or with friends outside the community. While this may be somewhat of an extreme approach, it does make a lot of sense.

But as an example of how they do not reject technology as a whole, the Amish dairy farmers have electricity in the barns in order to run the proper equipment for maintaining a sanitary environment for processing milk. Also, I saw one house that was allowed to have electricity in it for running the life support equipment for one of their children who was born with a severe condition. Again, this helps keep the family together.

Furthermore, when their children enter their teenage years, they enter a phase known as “rumschpringa” (not sure about the spelling) which means “running around.” They are allowed to venture out and experience all the outside world has to offer, and they are given the choice of leaving the community for the outside world, or to stay. If they do leave and later want to come back, they are generally welcomed back. However, if you stay and join the Amish church and then later reject it and leave, they consider you dead, holding a funeral and everything, and you can never come back. It is a difficult way of life, but it is not without its good points. In a lot of ways, they are better off than we are.

Casper says:

Re: Re: Re: Ah the modern age

I’m not disputing that some people may find it appealing, nor do I think people should tell them how to live. I, however, do not see it as a good example of a functional society. It is isolationism. Everything in the society was geared to limit the influence of the outside world. Much like cult designs, they inhibit their children’s ability to ever successfully leave the collective due to a lack of fundamental training and socializations required for the greater of society. I’m not saying their are bad or evil, but I am saying that you do not understand the full culture enough to draw a comparison. To refer to it as a scheme that might apply to a larger scale is absurd. The reason they can function with a level of freedom such as they are afforded is due to the fact they sit in the middle of one of the most technologically powerful nations on the planet. They don’t have to worry about the negatives that come with truly being isolated.

People are free to live their lives as they see fit, but you can not take a superficial glance at a society and make a call of which way is better. You have to weigh the pros and cons for yourself. I happen to have lived around, and know, groups (not Amish, but isolationistic) and families that function in similar manors and have talked to the children. Many times it is not the fact that they don’t want to leave or that they recoil from mainstream society, but rather that there isn’t a way to get out. Each generation is not only ingrained with a narrow teaching from the previous, but they are also hobbled in their ability to assimilate into any society other then the one they are born into.

Anonymous Coward says:

I think he was referring to the Amish community. And yes, they do use money, but nothing like the way traditional farmers or the rest of the world does.

And for that matter, I come from a farming family. Farmers’ wallets are by no means fat. You obviously have not ever looked at the financial books for a farming operation. Chemical, seed for planting, and fuel costs are through the roof, not to mention the cost of machinery purchases and maintenance.

Try buying a quarter-million dollar combine and see how that fits your budget. And then put on new tires every couple years or so that cost over $1000 per tire. Farmers get stuck buying all their supplies at retail prices, are forced to sell their product at rock bottom wholesale prices (and not before the grain elevators take their cost out of it), and pay shipping both ways (see the previous comment on the elevator’s cut). And the middle man wins big in the deal. The price of cereal in the store goes up, the price per bushel of grain for the farmer goes down. Who gets the money? You do the math.

As for the farm programs, it’s bad enough that the government is giving out free money in the first place. But on top of that, there are loopholes that allow colleges/universities and even prisons with agricultural programs to get access to that money, which they certainly don’t deserve. They are stealing money from hard-working farmers that are just trying to keep their heads above water. My parents have to take out a new operating loan every year just to be able to buy supplies to go another year, sometimes before they can even pay off the previous year’s operating loan. Sometimes I think they’d have better luck going to a casino, because you have a lot better chance of winning millions in a poker tournament than you do betting that an entire year’s crop will survive the weather, insects, and various diseases, and actually turn a profit when it’s all said and done.

So don’t talk to me about our farmers having plenty of money. I’m not saying there aren’t some rich ones out there, but they’re probably in control of mega farms or something. The small family farm is a dying breed, and you can thank our wonderful economy for that.

Back into the topic at hand, I agree that it’s stupid for retailers to hold onto sensitive information like that, especially if it’s not secure enough. I try to limit the number of places online that want to store my credit card info as much as possible. Even though it’s convenient, I don’t feel it’s safe enough. I wonder though, if the data that got leaked was for credit cards that are applied for from the retailer (assuming they have cards like that, similar to JCPenny’s and Sears). In that case, the retailer would probably have good reason to hold onto that info.

TheDock22 says:

Re: Re:

So explain this one to me…

Why does the government pay a wheat farms close to $1 million dollars NOT TO PLANT ANYTHING ON THE FARM because there is too much wheat being grown at the time?

Why is it my Aunt who is a farmer just built a $300,000 dollar home and toured Europe this year, even though she claims it was a bad year and had to apply for government assistance?

How come not a single farm in Montana has closed due to lack of money, but they all apply for governmental assistance? Other states might be different, but Montana farmers have a good scam going.

Anonymous Coward says:

Re: Re: Back on Topic

Anything else bought would have a serial number that would be trackable. WalMart cards bring !00% on the dollar when sold since they can be used for food and gasoline. As to the genius who said that can get a credit report every 4 months, the reality is once a year from each of three bureaus. But not many transactions hit all three bureaus. Also takes months to get there.

TheDock22 says:

Re: Re: Re: Back on Topic

Yea, once a year from from each credit Bureau. Obviously someone flunked math class: 12 months (1 year in other words) divided by 4 (every four months) is 3 (which there are 3 credit bureaus). After you get a credit report from the last company, four months later you will be upon your 1 year for the first company. So, yes, every four months you can get a free credit report from one of the 3 companies.

And where all credit places do not report to that same company (so you will not have all the credit cards listed), all three companies will have a listing of every mailing address you (or a thief) have claimed to live at. If there is more than 1 address that you do not recognize then chances are your identity has been stolen.

If you are really worried about your identity though, then buy the reports every month. If you are not worried at all, then check TransUnion at least once a year because they seem to have the most complete history.

wrs (profile) says:

Re: Looks like they revamped counterfeiting

Sorry to get back on topic, but I was wondering why they bought gift cards and then used the gift cards to purchase merchandise. Why didn’t they just buy the merchandise directly, without the extra step of buying the gift card? Can someone explain the reason for this?

Wizard Prang:
“Credit Laundering”. — Well, sort of. Kind of counterfeiting it is too. Creating gift cards translate money into pseudo-money, but much easier to counterfeit and much harder to track. And if the other end of it is not the one purchasing by the card, the purchaser becomes almost invisible — and probably inaccessible for any authorities.

Especially (and that one is for you, Beck), since gift cards can be traded — which obfuscates the trace completely. And everyone maybe catched can claim, they just bought the card from some random passer-by.

Looks like far less risk but plain counterfeiting.

Buck (user link) says:

do not need to hold on to detailed credit card inf

It is my opinion that companies do not need to hold on to detailed credit card information one second after they receive payment. I was shocked that companies have the detailed credit card numbers and expiry dates months after the money has changed hands. The only company that should have that information is the Credit Card Company themselves.

If there is a charge back, the credit card company would provide the detailed information regarding that transaction only.

If every company that allows credit cards hold on to all the detail of every transaction, then this very personal information is available at much too many points.

In fact once the money has changed hands from the Visa for example, the retailer does not need anything more than the date of the transaction, and approval number. Everything else should be transmitted or shipped to the credit card vendor. Much in the same way Cheques are done. You would not imagine that a giant retailer would hang on the details of your personal cheque, with your account numbers, any more that they should hold on to your complete credit card data. Perhaps they might want to hang on to that little slip of paper with my signature, however that does not have the detailed credit card number (it is covered with security asterix) or expire date.

Again, when and if there is a chargeback, the vendor can deserves the details.

As the world gets more and more dependant on electronic transactions, security for personal data becomes more and more important.

credit (user link) says:

Used for taking larger credit

Often the thieves will get the information which these used for gift cards, and get a large loan on the victim’s name. It happened to my neighbor and he found out because a collection agency received his information after the loan hasn’t been paid in some time. The nature of credit is spending what you don’t have and it’s a disaster when others spend the money you can’t even return…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...