The details of the security breach at TJX Companies becomes worse and worse, as more details surface. In the following article, please note how the company carefully parses its statements:

?The data breach at TJX Companies Inc. that exposed sensitive credit and debit card data on an unknown number of customers occurred nearly seven months before it was detected, a company spokeswoman said today.

The breach occurred as far back as mid-May 2006 but was only discovered in mid-December, said company spokeswoman Debra McConnell. The original statement from Framingham, Mass.-based TJX announcing the data compromise last week only mentioned the discovery of the breach in December and made no mention of when the breach actually happened.?

link: TJX breach occurred seven months before it was detected

In a previous posting on this space, I was concerned that the thieves (hackers) who had unauthorized access to these data had a month head start. Therefore, I stand corrected. They have a seven month head start.

Catherine Forsythe
FlyingHamster