The company does not know the extent of the breach, which was first discovered in December, 2006. However, hackers may have made off with credit and debit information from transactions in the U.S., Canada, and Puerto Rico in 2003 as well as transactions between May and December, 2006, .

Banking officials in Massachusetts say that the TJX breach is behind a recent warning by Visa to banks in Massachusetts, which have contacted customers in recent days and had to reissue thousands of ATM and debit cards. In the end, the hack may affect a wide range of credit card companies and thousands of consumers in the U.S. and in countries like the U.K. and Ireland, experts say.

TJX said it is working with IBM and General Dynamics to investigate the breach, which is believed to have occurred on computer systems that process and store information on customer transactions for T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright. Transactions from T.K. Maxx in the U.K. and Ireland may have also been exposed in the breach.

TJX said it knows of "a limited number of credit card and debit card holders whose information was removed from the system," and has provided that information to credit card companies. TJX is also working with law enforcement, including the U.S. Department of Justice, U.S. Secret Service, and Royal Canadian Mounted Police, TJX said in its statement.

The company said it does not yet have enough information to determine the extent of the breach or what other customer information may have been compromised, nor can it quantify the financial impact of the breach.