In May 2007, TJX Co., the parent company of T.J. Maxx and other retailers, announced in a Securities and Exchange Commission filing that more than 45 million credit and debit card numbers had been stolen from its IT systems. The company had taken some measures over a period of a few years to protect customer data through obfuscation and encryption. But TJX didn’t apply these policies uniformly across its IT systems. As a result, it still had no idea of the extent of the damage caused by the data breach. If you were TJX, what data-mining research could you do to evaluate the safety of your customer’s personal data?