Inside the Breach

(dramatic music) - [Mike] In January 2007, the TJX companies announced that they had been the victim of what we now know was one of the largest heists of customer information in history. While TJX might not be a household name themselves, they are the parent company of many popular retail stores, including the TJ Maxx, Marshalls, and HomeGoods brands that have stores throughout the United States and Canada, supplemented by a global footprint.

Millions of customers shop in these stores every year. As with many similar breaches, the initial details were sketchy. TJX simply disclosed that they had been the victim of a data breach a month earlier and that they did not yet know the number of consumers affected by the breach. Sources from the banking industry confirmed that the breach did include credit card data and that banks around the country were reissuing credit cards at a rate that indicated the breach was quite large.

Over the next few months, details of the true impact of the breach trickled out, as internal sources leaked details. TJX filed reports with regulators reporting that the breach had affected 45.6 million credit card numbers, making it the largest breach in history, as of that date. But even that wasn't the final number. Later that year, banks affected by the breach filed a lawsuit against TJX, alleging that the breach affected about 94 million credit card accounts.

While this breach has since been surpassed on the historical record list by larger breaches at Target, Equifax, Heartland Payment Systems, and other sources, the TJX breach is uniquely positioned as one of the first massive breaches of credit card information. It marked a turning point in the history of cybersecurity that we can all draw important lessons from today.