• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

« Previous Post | Blog Home | Next Post »

TJ Maxx (TJX) Controversial Data Breach Lawsuit Settlement

Posted on Sep 25, 2007 by Tom Fragala

In case you had not heard yet, TJ Maxx has made an offer to settle class action lawsuits over the enormous security breach they suffered recently (45 million customer accounts compromised).

They offer credit monitoring to just 10% of the total breach number (455,000) and then announce a retail sale at the same time. If they require the victims to opt-in and order the monitoring to get it, then they will likely only have to pay for around 20–30% of the 455,000 they are offering it to. That’s a rule of thumb in the industry for the typical number of people that opt-in for free victim support for credit monitoring. So, 45 million accounts are breached and maybe TJ Maxx ends up paying for services for 90,000–135,000 people.

If you are interested in this case, read Ed Dickson’s blog post about this, and also Javelin’s take on it.

Ed makes a point that no one else does about synthetic identity theft:

One thing that concerns me is that the settlement offer states that one of the requirements to receive compensation will be that the identification number compromised has to match their Social Security number.

I guess that TJX and their affiliates don't want to address the rising phenomenon of synthetic identity theft? When synthetic identity theft is committed different parts of a persons identity are crafted to create a new one.

Mary Monahan at Javelin clearly feels this is a cynical response by TJX:

To show just how very sorry they are, TJX will hold a three-day sale where all its merchandise will be discounted 15% and guess what? Everyone is invited. You just can’t buy advertising for a sale like this. TJX’s 15% off three day sale will be run in every major newspaper for FREE. Whichever marketing genius thought up this one ought to win the Marketing Excellence Award this year.

Oh yes, and about that computer intrusion? TJX announced that it never will disclose the pesky details of the intrusion. After all, that was long ago and what good would that do? These costs were already accounted for under its set aside of $108 million after tax last quarter.
Guess I’ll be seeing at least 45.7 million of you at the “So Sorry Sale.”

I’m curious what the consumer adovacy groups will have to say about this if anything.

Update: Consumer Affairs has an article.