TJMaxx settles credit card case
10:10 a.m.
Toolbox
By Bruce Edwards
Staff Writer - Published: June 24, 2009
TJMaxx and its sister companies will pay Vermont $272,600 to settle a multistate case involving the data breach of customer credit and debit cards, the Vermont Attorney General’s office announced Tuesday.
As part of the settlement, The TJX Companies Inc. agreed to correct the way it handles consumer data.
The company experienced a massive security breach from 2005 to 2007 when hackers are suspected of gaining access to hundreds of millions of credit and debit cards.
TJX owns the discount clothing and houseware stores TJ Maxx, Marshalls, HomeGoods, AJ Wright, and Bob’s Stores. The company operates six stores in Vermont, including a TJ Maxx store in Rutland.
The settlement with 41 states requires the company to pay $9.75 million.
The company must also implement security measures, including updating its wireless security system, not store credit card or debit card data longer than necessary, and use firewalls, access controls, and proper passwords for portions of its networks that store, process and transmit personal information.
Vermont Assistant Attorney General Sarah London said Tuesday The TJX Companies had the ability to prevent the data break-in.
“The state’s position is that TJX failed to make use of a series of readily available security measures that exposed consumers to an unnecessary risk of identity theft,” London said.
She said a portion of the $272,600 to be paid to Vermont is earmarked for the Attorney General’s office Consumer Protection Unit.
In a press release posted to its Web site, the Framingham, Mass.-based company said that “it did not violate any consumer protection or data security laws” and that the decision to settle the case “reflects TJX’s desire to concentrate on its core business without distraction and to promote cyber security measures that will benefit all consumers.”
Jeffrey Naylor, the company’s chief financial and administrative officer, said, “The sheer number of attacks by cyber criminals demonstrates the challenges facing the U.S. payment card system in protecting sensitive consumer data.”
The company previously settled charges with the Federal Trade Commission related to the security breach.
London said with identify theft the fastest-growing crime consumers need to be proactive to protect their personal information.
“We recommend that consumers make use of the free credit reports,” she said. “Vermont law and federal law affords consumers two free credit reports a year.”
London said by checking their credit reports consumers can find out whether unauthorized accounts have been opened in their name.
She said an international identity theft ring of 10 individuals are facing federal charges related to the TJX data theft, including the ringleader who is being prosecuted in federal court in Boston.
In another high-profile data breach, hackers in late 2007 accessed customer credit and debit card numbers at Hannaford supermarkets in the Northeast.
10