The TJX/ TJ Maxx data breach is one of those stories that keeps on giving, and is a powerful reminder that we can assume nothing when it comes to the theft and misuse of our personal information.

To refresh your memory, in January 2007 the retailer announced that a data security breach discovered the previous month may have actually occurred months before. Yet before media ink was dry the company announced that hackers may have had access to the data as far back as May 2005 and yet laterconfirmed that some of the information stolen may have gone back as far as 2003.

As part of its crisis communications TJX reassured the public that information stolen in breaches like this was rarely used in identity theft, and that there was no evidence that any of the stolen information had been used in a crime.

Fast forward a few weeks and police in Florida announced that they had arrested six out of ten suspects in an $8 million gift card fraud using some of the very information stolen from TJX.

So far it appears that the suspects probably didn’t steal the information but instead probably purchased it from others, which is the way most of this stolen data ends up hurting consumers.

I’m sure there are still a few more chapters to be written as the saga continues, so stay tuned. And whenever you’re told that your stolen data is unlikely to be used against you, consider it spin.