TJX customers get vouchers, three-day sale as part of breach settlement

Share this article:

Store vouchers and a three-day sale are some of the concessions TJX has pledged in a settlement with customers who sued the discount retail giant following a massive customer data theft.

"You've got to hand it to TJX," Mary Monahan, partner and analyst at Javelin Strategy and Research, told today. "They took the largest data breach in history and turned the conversation into offering $30 vouchers right before Christmas."

According to the agreement, announced Friday evening, customers who used credit cards during the time of the intrusion and who suffered costs this year related to the breach will receive store vouchers valued at $30 to $80.

"This is potentially a benefit [for TJX]," Diana Kelley, a Burton Group analyst, told today. "If you have a $30 credit, there's a chance you're going to spend significantly over that. It draws people to their stores."

The agreement, which requires court approval not expected until next year, would put an end to a number of class-action lawsuits filed by customers after Framingham, Mass.-based TJX revealed in January that hackers compromised some 45.7 million records over a two-year period.

In addition, TJX plan to hold a "Customer Appreciation special event," a three-day sale during which prices will be reduced by 15 percent for all customers across the company's 2,500 outlets, which include Marshalls, T.J. Maxx, HomeGoods and A.J. Wright stores.

"They're being smart about it," Monahan said. "That's American and that's capitalism. They're there to make money. Unfortunately for the victims, they're not going to get much. They're going to walk away with almost nothing."

TJX has agreed to offer three years of credit monitoring to some 455,000 people who returned merchandise to stores without a receipt and had to provide their driver's license numbers, thus increasing the chances of identity theft. TJX also will provide compensation for replacing driver's licenses if that number is the same as their Social Security number.

TJX, in a statement released Friday, did not place a dollar amount on the lawsuit, only saying its cost is part of a $107 million reserve mentioned in its second-quarter filing with the Securities and Exchange Commission. The company said it denied the "allegations underlying" the lawsuits, but that it made fiscal sense to settle. Cincinnati-based Fifth Third Bank, the credit card processor for TJX named in some of the lawsuits, was part of the settlement with TJX.

"We deeply regret any inconvenience our customers may have experienced as a result of the criminal attack on our computer system," TJX President and Chief Executive Officer Carol Meyrowitz said in the statement. "TJX has been working diligently to reach a settlement that offers a good resolution for our customers."

In addition to court approval, the settlement is contingent on whether a security expert, hired by the plaintiffs, believes TJX has made "a prudent and good faith attempt" on preventing a future computer intrusion, according to the agreement.

Despite the settlement, a number of potentially costly lawsuits against TJX are outstanding, including a joint complaint brought by the Massachusetts, Maine and Connecticut bankers associations who contend TJX should incur costs related to reissuing credit and debit cards. This could produce heavy losses for the retailer, experts say.

"If that goes through, that will be a big impact to TJX," Kelley said, estimating that each reissued card may cost up to $35.

Monahan said TJX likely will not get off easy.

"The attorneys in this [customer] case settled because they're going to get their fees, and they're representing individuals who have no power over them," she said. "The bank's attorneys work for the banks. [The banks] are not going to walk away with vouchers."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.