The earnings report also refers to a similar charge expected in the next quarter.
"On 17 January TJX announced that it had suffered an unauthorised intrusion(s) into portions of its computer systems that process and store information related to customer transactions," the statement said.
"In the first quarter of fiscal 2008, the company recorded an after-tax charge of approximately $12m, or $.03 per share, for costs incurred during the first quarter, which includes costs incurred to investigate and contain the intrusion, enhance computer security and systems, and communicate with customers, as well as technical, legal and other fees.
"In the second quarter, the company expects to continue to incur these types of costs related to the intrusion(s), which the company estimates will total $.02 - $.03 per share."
However, Paul Davie, founder of database security company Secerno, pointed out that the security blunder will cost much more than these estimates.
"The $12m charge does not begin to scratch the surface of the true cost of this breach. The issue of protecting confidential customer data is a time bomb that has been waiting to explode," he said.
"Given the lax attitude of some businesses in addressing data security, and the increase in targeted attacks on data by sophisticated criminals, it was only a question of time before a major breach of this type thrust the issue into the public eye."
Davie added that that figures from the Ponemon Institute suggest that the total direct and indirect costs of replacing a credit or debit card runs at $186 per card. Multiplied by 45 million this would take the damage to an "eye-watering" $8.3bn.
However TJX does go on to concede in a statement: "Beyond these costs, TJX does not yet have enough information to reasonably estimate the losses it may incur arising from this intrusion, including exposure to payment card companies and banks, exposure in various legal proceedings that are pending or may arise, and related fees and expenses, and other potential liabilities and other costs and expenses.
"The company will record known losses when they become both probable and reasonably estimable."
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend