BOSTON—Banking industry officials in Massachusetts are reporting that a string of local companies have already observed fraudulent activity related to the massive data breach reported by retail chain TJX Companies on Jan. 17.
Unlike many other highly publicized data losses reported by organizations such as the United States Department of Veterans Affairs, which have not yet been traced to any criminal activity, the information stolen from TJX during two specific incidents in 2003 and 2006 has already been put to use by fraudsters, according to the MBA (Massachusetts Bankers Association).
The MBA reported on Jan. 24 that several banks in the state, which is also home to the TJX corporate headquarters in Framingham, have reported incidents of fraud specifically related to the information that was lifted from the retailers’ IT systems by unidentified outsiders.
The banking industry group said that it has received reports of fraud carried out on debit and credit card accounts exposed in the data heist in locations including Florida, Georgia, and Louisiana in the United States, and Hong Kong and Sweden overseas. The widespread nature of the criminal activity could indicate that the data has already been passed from the hackers who stole it to people around the globe intent on using it to carry out fraud, a common scenario for the use of stolen personal information.
Several banks doing business in Massachusetts have already reissued credit and debit cards to customers, including Fitchburg Savings Bank, which reported that more than 1,300 of its customers may have been exposed by the TJX incident. Bank of America, the country’s largest retail bank, based in Charlotte, N.C., also confirmed that it is reissuing cards to account holders, although it did not indicate how many of its customers had been affected.
