Customer data stolen from TJX

The parent of Marshalls and T.J. Maxx reported the thefts to authorities and credit card firms.

BOSTON - Banks and credit card companies scrambled to notify their customers to watch for fraudulent activity after the TJX Cos. Inc., parent of retailers Marshalls and T.J. Maxx, disclosed thefts of customer data from its computer system.

TJX said hackers had broken into a system that handled credit and debit card transactions, as well as checks and merchandise returns for customers in the United States and Puerto Rico and may involve customer accounts from the United Kingdom and Ireland.

Visa U.S.A. Inc. said in a statement that it had provided the affected accounts to banks that issue its cards so they could take steps to protect consumers. The company said it was assessing all credit card transactions in real time to help banks distinguish fraudulent transactions from legitimate ones.

Bank of America Corp. and American Express Co. also said they were monitoring their credit cards for unusual activity. Christine Elliott, a spokeswoman for American Express, said the company had not seen any fraudulent purchases.

TJX officials refused to say how many customers' data were stolen or accessed by a computer hacker. The Wall Street Journal reported yesterday that more than 40 million cards might be affected.

Spokeswoman Sherry Lang said TJX, based in Framingham, Mass., had identified a "limited number" of credit and debit card holders whose information was stolen from its computer system, adding that the number was "substantially less than millions." A smaller number of customer names with driver's license information were stolen from the system, she said.

Visa and other credit card companies pointed out that consumers would not be responsible for fraudulent purchases.

But the news that a computer hacker could have private financial data had customers nervous.

"Of course I'm worried. I charged a lot of purchases at Marshalls over Christmas," said Sara Rafferty, a gas station clerk from Fishers Island, Conn.

The break-in was discovered in mid-December, but was kept confidential until Wednesday at the request of law enforcement officials.

TJX has not been informed of any fraudulent purchases at this point, Lang said. The company has established a hotline for concerned customers, 1-866-484-6978, and posted advice on its Web site for checking credit records. The company said it had hired General Dynamics Corp. and International Business Machines Corp. to upgrade its security system.