Lawsuits Mounting Over Massive Customer Data Breach at TJX

formatting link
By Mark Jewell/Associated Press

Boston -

The TJX Cos. Inc. faces federal lawsuits in five additional states over a data theft that exposed at least 45 million credit and debit cards to potential fraud, according to a regulatory filing Thursday by the owner of stores including T.J. Maxx and Marshalls.

A quarterly filing said TJX was named in nine new lawsuits filed since the Framingham-based company's March 28 update on a theft believed to be the largest in the U.S. based on the number of customer records compromised.

Thursday's filing with the Securities and Exchange Commission says complaints seeking class-action designation on behalf of customers were filed in April and May in the federal courts of five additional states: Illinois, Michigan, Missouri, Ohio and Texas.

Three new lawsuits were filed over the past two months in Massachusetts, where cases had previously been brought earlier in the year. The March 28 filing had listed more than a dozen lawsuits in Alabama, California, Massachusetts, Puerto Rico and six Canadian provinces. The Massachusetts cases against TJX have been consolidated.

In addition to listing TJX as a defendant, some of the lawsuits also name Cincinnati-based Fifth Third Bancorp, which processed some payment card transactions for TJX.

TJX said in Thursday's filing that it "intends to defend all of these actions vigorously," and Fifth Third has said it believes there are "substantial defenses" against the claims it faces.

Most of the complaints have been filed by TJX customers whose personal data was stolen. But some have been brought by financial institutions saddled with costs to replace cards and cover fraudulent charges tied to the theft. In April, bank associations in Massachusetts, Connecticut and Maine sued TJX, the owner of nearly 2,500 discount stores.

TJX disclosed the breach on Jan. 17, and said March 28 that one or more intruders unearthed data from at least 45.7 million credit and debit cards from transactions as long ago as early 2003. Independent organizations that track data thefts say the TJX case is believed to be the largest in the U.S. based on the number of customer records compromised.

TJX says about three-quarters of the 45.7 million cards had either expired by the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. However, TJX also has said the intruders could have tapped the unencrypted flow of information to card issuers as customers checked out with their credit cards.

The only arrests so far have come in Florida, where 10 people who aren't believed to be the TJX hackers are accused of using stolen TJX customer data to buy Wal-Mart gift cards.

Last month, TJX said its first-quarter profit dipped 1 percent, in part due to a $12 million after-tax charge from costs related to the theft. Nevertheless, TJX reported a 6 percent increase in revenue as customer traffic remained strong despite negative publicity about the theft.

On Thursday, TJX said sales at stores open at least a year rose 5 percent. Shares of TJX fell 77 cents, or about 2.7 percent, to close at $27.74, after the May sales report and before TJX's SEC filing.

Besides its T.J. Maxx and Marshalls stores, TJX operates HomeGoods, A.J. Wright and Bob's Stores in the United States, Winners and HomeSense stores in Canada, and T.K. Maxx stores in Europe.

Original content available for non-commercial use under a Creative Commons license, except where noted.

Copyright 2006-2007 GateHouse Media, Inc. Some Rights Reserved.

Reply to
Monty Solomon
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.