Police have arrested six people suspected of using credit card numbers stolen from the database of The TJX Companies to buy around US$1m of gift cards at Wal-Mart stores in Florida.

TJX, the US' leading off-price apparel and home fashions retailer, has been involved in a large-scale investigation since discovering the breach of computer security late last year.

The arrested suspects used stolen credit cards to purchase gift cards from Wal-Mart and Sam's Club stores in northern Florida, and local police have issued warrants for four additional suspects.

The TJX Companies, whose operations include TJ Maxx, Marshalls and HomeGoods in the US and TK Maxx in Europe, reported last year that hackers had stolen many numbers from one of its credit card databases. It is believed that the Florida suspects had purchased the card numbers though, and were not the hackers.

Total losses from the hackers still at large could total more than $8m in Florida and are still being calculated.

Last month (21 February) TJX said that it had a very large team of people working on its investigation. Carol Meyrowitz, president and CEO of The TJX Companies, said at the time: "Let me begin by telling our customers personally how much I regret any problems or inconvenience they may have experienced as a result of the unauthorised intrusion into our computer system. Our investigation is ongoing, and we are providing an update today on new developments. We are dedicating substantial resources to investigating and evaluating the intrusion which, given the nature of the breach, the size and international scope of our operations, and the complexity of the way credit card transactions are processed, is, by necessity, taking time."

While the company previously believed that the intrusion took place only from May 2006 to January 2007, TJX also thinks its computer system was also intruded upon in July 2005 and on various subsequent dates in 2005. TJX continues to believe there was no compromise of customer data after mid-December 2006, it said.

The company was unavailable to comment when contacted by just-style this afternoon.