Winners, HomeSense warn of phone, e-mail scams

Consumers should guard against scam e-mails and phone calls from people purporting to be representatives of Winners and HomeSense, the company's chairman said Monday.

Ben Cammarata, the chairman of parent company TJX Cos., is urging people to be vigilant and protect their personal information.

"Criminals use situations like this to scam you, the public," Cammarata said in a video posted on the company website. "Consumers need to be wary of scams, hoax e-mails and calls in which they are contacted by someone claiming to represent TJX. I assure you we would never solicit personal information via phone or e-mail."

TJXCos. says it learned in mid-December that computer hackers had stolen customer data to make fraudulent debit- and credit-card purchases. The company said it didn't disclose the security breach for a month in an attempt to thwart further damage.

During that time, the company reinforced its computer network, Cammarata said in a letter posted on the company website and printed in U.S. newspapers.

"We immediately engaged two leading computer security and incident response firms to investigate the problem and enhance our computer security in order to protect our customers' data," Cammarata said in the letter addressed to "Our Valued Customers."

'Major breach of consumer confidence'

Consumer advocates have criticized the handling of the breach,saying it deeply violated consumer trust.

"What happened at Winners is a major breach of consumer confidence because when people put down their credit card they assume it's going to be safe," said Tom Keenan, a professor at the University of Calgary, following the announcement of the security breach.

"Now they find out that transactions as far back as 2003 have been compromised and they don't know where that information has gone. It could be for sale on a hacker bulletin board somewhere in Russia by now," Keenan said.

Canadian debit cards not compromised

According to the company's investigation, hackers gained entry to the computer system in May 2006. The company says debit transactions made atWinners and HomeSensein Canada were not compromised in the breach.

"Our computer security experts have now completed their investigation of the portion of our computer network that handles Winners and HomeSense transactions, and they have advised us that they do not believe that debit cards issued by Canadian banks were compromised in the intrusion," the company said in a statement.

Canada's Privacy Commissioner Jennifer Stoddart said Jan. 19 that it was checking to see if TJX Cos. was in compliance with private sector privacy laws.

Last week, following news of a possible privacy breach at clothing retailer Club Monaco, Stoddart said she planned on recommending legislation making it mandatory for companies to report security breaches.