But many customers wondered if any credit card transaction is safe.
"I don't feel secure at all about shopping at T.J. Maxx with credit any more," one customer said. "Cash only."
"It's not worth it," another customer said. "You save a little, but the risk is way too high."
No previous identity theft case compares to today's in size or significance. The apparent victims in this case are not people who used their credit cards on the Internet, but rather people who went to the store in person.
Officials say hackers uploaded hidden programs onto the TJX corporate computers at a building in Framingham, Mass., and another in Watford, England, and for more than a year and a half were able to easily download the 45 million pieces of credit card and personal information.
The company says it is now upgrading security.
"The bad guys had their encrypted data," Mark Rasch, a former cybercrime federal prosecutor, told ABC News. "They had their credit card data, and it is hard to believe they could have done that if the company hadn't messed up."
A major break in the case came last week when employees at a WalMart in Gainesville, Fla., became suspicious of some big spending customers and called police.
Authorities have now arrested six people (pictured), including the suspected ringleader of the group, 18-year-old Irving Jose Escobar, for using the stolen T.J. Maxx credit card information to buy millions of dollars worth in gift certificates and TV and audio equipment.
Of the six arrested, all of whom are charged with one count of an organized scheme to defraud over $50,000, a first-degree felony in Florida punishable by up to 30 years in prison, three have pled guilty and three others have entered not guilty pleas. Each of them is being held on $1 million bond.
Four other group members remain at large with warrants out for their arrests.
"This was just the start of a much bigger crime organization," Special-Agent Dominick Pape of the Florida Department of Law Enforcement said.
And customers at T.J. Maxx are not alone.
Since the first significant case of ID theft was discovered at the huge ChoicePoint credit bureau in Georgia on Feb. 15, 2005, involving some 163,000 records containing social security numbers and other personal data, security experts say more than 150 million pieces of information have been stolen in some 538 separate cases.
That includes cases covering breaches of a million or more records. Back on June 16, 2005, a hacking breach at CardSystems targeted 40 million records, according to Privacy Rights Clearinghouse, a nonprofit consumer organization that focuses on consumer information and advocacy. Another breach happened just last May when more than 28 million records of U.S. veterans discharged since 1975 were targeted when a VA laptop was stolen from an employee's home.
"The crooks are getting better, and the good guys are not doing enough to bolster their defenses," said Michael Watis, the former chief of the FBI's cyberunit.
T.J. Maxx and Marshall's corporate officials say 75 percent of the stolen credit car information will be of no use to the crooks because the data is either expired or encrypted.
But store customers have no easy way to tell if they are at risk, and the best advice from officials is to assume you are at risk if you've used your credit card at one of those stores or given your personal information, including driver's licenses and military IDs, to return merchandise.