Business & Finance
03:38 PM
Connect Directly
Repost This

Customers On T.J. Maxx Data Breach: Some Sue, Others Spend

The latest sales figures are positive, but the retailer is facing a flood of lawsuits from store customers and financial institutions.

The costs and lawsuits continue to grow for TJX Companies -- parent of T.J. Maxx, Marshalls, and other retailers -- thanks to the now-infamous security breach to its IT systems, but the threat of identity theft and credit card fraud aren't enough to keep shoppers away.

The company Thursday reported a $20 million computer-intrusion-related charge for its third quarter, ended April 28. Sales were up about 6%, to $4.11 billion, from the same quarter a year ago.

Although the timing and extent of the intrusion into TJX's IT systems is in dispute, the company reported late last year that it suffered an unauthorized intrusion or intrusions into portions of its computer system that process and store information related to credit and debit card, check, and no-receipt merchandise return transactions. This admission that customer information was stolen from some stores dating back to 2003 has opened the floodgates to lawsuits from store customers afraid of identity theft and from financial institutions whose customer service costs have increased as a result of worried clients.

TJX claimed in a regulatory filing Thursday that it does not know "who took this action, whether there were one or more intruders involved, or whether there was one continuing intrusion or multiple, separate intrusions." The $20 million, or 0.5% of net sales for the quarter, TJX already has spent related to the intrusion has gone toward investigating and containing the computer intrusion, work to improve the company's computer security and systems, communicating with customers, and technical, legal, and other related costs, the company stated.

Costs are likely to increase quickly. Payment card issuers, such as Visa, have initiated Payment Card Industry security standard compliance claims against some of TJX's acquiring banks seeking reimbursement, according to TJX, for about $4 million in fraudulent payment card transactions. The transactions were made with counterfeit payment cards believed to have been created using payment card transaction information allegedly stolen during the TJX computer intrusion. PCI members also could issue fines against TJX for noncompliance with the PCI standards.

That's just scratching the surface, as TJX is facing class-action lawsuits from customers in state and federal courts in Alabama, California, Illinois, Massachusetts, Michigan, Ohio, and Puerto Rico, as well as in provincial Canadian courts in Alberta, British Columbia, Manitoba, Ontario, Quebec, and Saskatchewan. Additional class-action suits from financial institutions affected by the computer intrusion -- those issuing credit and debit cards used during the time of the intrusion -- have been filed against TJX in federal court in Massachusetts. All-told, nine lawsuits have been filed against TJX since April 17.

TJX claims that it doesn't know the extent of any fraudulent use of any of the payment card information believed stolen and that the company doesn't know the details of the ongoing law enforcement investigations into the crime. The company is aware, however, that law enforcement and 37 state attorneys general are looking into whether the computer intrusion violated any laws regarding consumer protection. The company has received subpoenas from 11 of these attorneys general.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.