TXJ blamed for faulty data security

MONTREAL, Sept. 25 (UPI) -- TJX Cos. failed to have adequate security safeguards to stop hackers from stealing 45.7 million credit-card numbers, a Canadian government probe found Tuesday.

The Framingham, Mass., owner of T.J. Maxx and Marshalls U.S. discount chains "collected too much personal information, kept it too long and relied on weak encryption technology to protect it -- putting the privacy of millions of its customers at risk," Canadian Privacy Commissioner Jennifer Stoddart said in a statement in Montreal.

The practice let hackers steal millions of credit-card numbers by intercepting wireless transfers of customer information through local area networks at two Miami-area Marshalls stores, Stoddart said.

Stoddart's commission recommended TJX use a sophisticated coding system to protect driver's license information and delete all credit-card data after 18 months.

"While we respectfully disagree with many of the commissioners' factual findings and legal conclusions, we have chosen to implement their recommendations," TJX said in a statement.

TJX discovered the breach last December and disclosed it in January. It was the largest security breach of personal data ever reported.