Christmas joy for hackers at TK Maxx

The raid happened on the mainframes in Watford and at the US base of parent company TJX in Framingham, near Boston

Cyber-criminals have hacked into the US computers behind discount clothing retailer TK Maxx and stolen details of 45.7 million credit and debit cards from the UK and the US.

The raid happened on the mainframes in Watford and at the US base of parent company TJX in Framingham, near Boston. The chain's IT experts became suspicious prior to Christmas when unfamiliar software was found on the company's servers. They notified the enforcement agencies and called in experts from IBM .

The revelation - which the company is calling an "unauthorised intrusion" - was revealed in the TJX annual report, which also provided a free UK phone number for anybody who may have been affected: 0800 779015. The original raids appear to have taken place in 2005.

"We suspect that customer data for payment card transactions at TK Maxx stores in the UK and Ireland has been stolen," a spokesman told The Guardian . "We suspect that these files contained payment card transaction data, some or all of which could have been unencrypted and unmasked."

A spokesperson for APACS , the UK payments association, told BBC Radio 1 that consumers should not worry too much as it appears that the majority of card information was pre-2004 - so consumers would have been issued with new cards by now.

According to the report, 30.6 million of the card details came from cards which had expired at the time of the security breach, leaving 15.1 million unexpired. Of those, 3.8 million had encrypted information. But it's the data from the remaining 11.3 million cards - some 25 per cent - that is causing concern.

President Carol Meyrowitz said in a statement: "I personally regret any difficulties you may experience as a result of the unauthorised intrusion into our computer systems. We are working with leading computer security firms to investigate the problem and enhance our computer security in order to protect our customers' data.

"Since we learned of the probability of a breach in mid-December 2006, we have co-operated with law enforcement as well as with the banks and credit card companies that process our customer transactions.

"We are committed to continue to address the situation and to provide periodic updates as we learn more."

TK Maxx has 210 stores in the UK and opened the first in 1994.

Contributor

Dan (Twitter, Google+) is TechRadar's Former Deputy Editor and is now in charge at our sister site T3.com. Covering all things computing, internet and mobile he's a seasoned regular at major tech shows such as CES, IFA and Mobile World Congress. Dan has also been a tech expert for many outlets including BBC Radio 4, 5Live and the World Service, The Sun and ITV News.