Customers On T.J. Maxx Data Breach: Some Sue, Others Spend - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

Customers On T.J. Maxx Data Breach: Some Sue, Others Spend

The latest sales figures are positive, but the retailer is facing a flood of lawsuits from store customers and financial institutions.

The costs and lawsuits continue to grow for TJX Companies -- parent of T.J. Maxx, Marshalls, and other retailers -- thanks to the now-infamous security breach to its IT systems, but the threat of identity theft and credit card fraud aren't enough to keep shoppers away.

The company Thursday reported a $20 million computer-intrusion-related charge for its third quarter, ended April 28. Sales were up about 6%, to $4.11 billion, from the same quarter a year ago.

Although the timing and extent of the intrusion into TJX's IT systems is in dispute, the company reported late last year that it suffered an unauthorized intrusion or intrusions into portions of its computer system that process and store information related to credit and debit card, check, and no-receipt merchandise return transactions. This admission that customer information was stolen from some stores dating back to 2003 has opened the floodgates to lawsuits from store customers afraid of identity theft and from financial institutions whose customer service costs have increased as a result of worried clients.

TJX claimed in a regulatory filing Thursday that it does not know "who took this action, whether there were one or more intruders involved, or whether there was one continuing intrusion or multiple, separate intrusions." The $20 million, or 0.5% of net sales for the quarter, TJX already has spent related to the intrusion has gone toward investigating and containing the computer intrusion, work to improve the company's computer security and systems, communicating with customers, and technical, legal, and other related costs, the company stated.

Costs are likely to increase quickly. Payment card issuers, such as Visa, have initiated Payment Card Industry security standard compliance claims against some of TJX's acquiring banks seeking reimbursement, according to TJX, for about $4 million in fraudulent payment card transactions. The transactions were made with counterfeit payment cards believed to have been created using payment card transaction information allegedly stolen during the TJX computer intrusion. PCI members also could issue fines against TJX for noncompliance with the PCI standards.

That's just scratching the surface, as TJX is facing class-action lawsuits from customers in state and federal courts in Alabama, California, Illinois, Massachusetts, Michigan, Ohio, and Puerto Rico, as well as in provincial Canadian courts in Alberta, British Columbia, Manitoba, Ontario, Quebec, and Saskatchewan. Additional class-action suits from financial institutions affected by the computer intrusion -- those issuing credit and debit cards used during the time of the intrusion -- have been filed against TJX in federal court in Massachusetts. All-told, nine lawsuits have been filed against TJX since April 17.

TJX claims that it doesn't know the extent of any fraudulent use of any of the payment card information believed stolen and that the company doesn't know the details of the ongoing law enforcement investigations into the crime. The company is aware, however, that law enforcement and 37 state attorneys general are looking into whether the computer intrusion violated any laws regarding consumer protection. The company has received subpoenas from 11 of these attorneys general.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll