Hackers have stolen the bank card details of millions of British and American shoppers in what is thought to be the world's biggest ever credit card heist.
The crooks extracted at least 45.7 million credit and debit card numbers from the US and UK-based computer systems of the American retailer that owns bargain chain TK Maxx.
Banks and card companies have already found "preliminary evidence" of fraud using the data stolen from TJX, and law enforcement authorities are investigating possible cases.
The numbers were accessed on the company's systems in Watford and Framingham, Massachusetts, over a 17-month period and cover transactions dating as far back as December 2002.
The firm did not know how many of the cardholders affected were shoppers at TK Maxx's 203 stores in Britain or its seven Irish outlets, although more of them were likely to be American.
Nor could a spokeswoman say whether any of the reports of possible fraud came from UK police.The firm does not know who the intruders were, or how many people were part of the scam.
Two computer files out of 100 the hackers took from the Framingham system last year had apparently been moved from Watford.
But TJX, which has set up a UK helpline for concerned customers and is advising them to scrutinise their bank statements, cannot tell what card data they contained, and there may be more as yet undiscovered.
Even if the information was encrypted or masked, the technology the thieves used could have decrypted it, and they may also have stolen the numbers during the card issuer's approval process - when it is not encrypted anyway.
The hackers first accessed the company's systems in July 2005 and on subsequent dates that year, and from mid-May last year to mid-January this year.
No customer data was stolen after December 18th, when the retailer first discovered suspicious software on its system.
As well as card numbers, personal information provided by around 455,000 American customers who returned goods without a receipt was also stolen.
In a filing to the US Securities and Exchange Commission, the firm said details from 45.6 million cards relating to transactions between December 2002 and November 2003
TJX is already facing an investigation by the Federal Trade Commission and lawsuits from individuals and banks accusing it of failing to do enough to safeguard private data.
Agencies