TJX data breach bigger than initially feared

BOSTON — A computer security breach by a hacker who stole TJX Cos. customer data was broader than initially feared, and started 10 months earlier than first thought, the company said Wednesday.

But the parent of discount retail chains, including T.J. Maxx and Marshalls, also reported 5 percent sales growth during its fiscal fourth quarter, which ended just 10 days after the breach was disclosed Jan. 17.

Company executives said they saw no evidence of any exodus of customers from TJX’s more than 2,400 stores after the data theft. Industry analysts agreed.

“To the degree that that may possibly have occurred, it certainly hasn’t shown up in the numbers,” said Donald Trott of Jefferies & Co.

TJX initially believed the intrusion began in May 2006 and ran into last month. On Wednesday, the company said its ongoing investigation revealed the breach started nearly a year earlier, in July 2005.

Also, TJX said Wednesday that credit and debit card data had been accessed involving transactions at U.S. and Puerto Rican stores from January 2003 through June 2004, and credit card-only transactions at Canadian stores during that period. The company had initially been less certain, saying last month that information “may have been accessed.”

TJX also found more cases in which the hacker accessed driver’s license numbers together with names and addresses. TJX said it would notify affected customers.

Also, TJX found evidence of an intrusion into a system that processes transactions in Britain and Ireland from T.K. Maxx stores. So far, there’s no evidence of any theft of customer data from T.K. Maxx stores, TJX said.

More than 50 computer security experts are working with TJX in its investigation, CEO Carol Meyrowitz said.