Know the Risk: Digital Transformation's Impact on Your Business-Critical Applications REGISTER >
The filing comes about two months after TJX released a report revealing evidence of intrusions of its customer database dating back to 2003.
TJX officials have said they did not discover the computer intrusion until Dec. 2006. "We do not know who took this action and whether there was one continuing intrusion or multiple, separate intrusions," TJX said in its report.
The company also said it was continuing to investigate the security breach with the help of outside computer security firms it hired back in December. Law enforcement agencies were also notified including the U.S. Secret Service, which, TJX said, is also investigating the matter. TJX said the investigation will be costly.
The filing makes clear TJX has a long way to go before it will be able to assess the extent of how much personal information was taken. In some cases it may never know.
"The technology used by the intruder has, to date, made it impossible for us to determine the contents of most of the files we believe were stolen in 2006," TJX said in its filing. Other than certain specific areas it's identified, TJX said, "we believe that we may never be able to identify much of the information believed stolen."