Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


TJX Settles Lawsuits, Offers Discount Days



 By: Evan Schuman
2007-09-24
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
With $6.5 million for attorney fees and limited customer reimbursements, TJX is hoping the consumer lawsuits go away.

After private credit card data from some 46 million consumers fell into the hands of cyber-thieves in the largest retail data breach ever, TJX has settled all of the consumer lawsuits resulting from the breach by paying $6.5 million in attorney fees and offering consumers some programs aimed at compensating those directly impacted.

The details from the full text of the Sept. 21, 44-page TJX settlement filing show the $17 billion retailers attempts to address consumer injuries. But given the huge scale of this breach, the compensation to any one consumer is likely to be minimal.

TJX has agreed to compensate consumers for any time they lost "as a result of the intrusion," but those calculations will assume a rate of $10 per hour.

The compensation also seems to be limited to $60 and will be in the form of $30 vouchers for making purchases at TJX only. Further, if a lot of consumers agree and "the total of such claims exceeds $7 million, the dollar amount of each voucher will be proportionately reduced."

Customers will get one $30 voucher. If they can prove costs exceeding $60, they will get two $30 vouchers.

TJX has said that cyber-thieves accessed TJXs systems in July 2005, but that it didnt learn of the multiple incidents until Dec. 18, 2006. It announced the breach one month later, on Jan. 17.

TJX officials have yet to say how they believe the breach began, although sources involved in the probe have spoken of two possible beginnings: that intruders intercepted wireless communications and used them to access the corporate TJX LAN and that the cyber-thieves might have broken into some job-application kiosks and used that as entry into the network.

No one has been charged with breaking into the network, and law enforcement officials have not identified any prime suspect. However, several people have been arrested on charges of trying to sell the information taken from TJX.

TJX is also offering a plan for consumers who "returned merchandise to a TJX store without receipts and who were sent letters from TJX stating that TJX had specifically identified that their names, addresses and drivers license or military, state or tax identification numbers were believed to have been stolen in the intrusion." For those consumers—and TJX estimated that there are about 455,000 of them—TJX will pay for three years of credit monitoring (the settlement specifies the Equifax Credit Watch Gold with 3-in-1 Credit Monitoring product) and $20,000 worth of identity theft insurance.

TJX is also pledging to give those "Unreceipted Return Customers" the documented actual replacement cost of drivers licenses replaced between Jan. 17 and June 30.

Resource Library:
To read more about TJXs $168 million security breach, click here.

In addition, there is the possibility of additional compensation for those customers who lost more than $60 from identity theft, but it excludes credit- and debit-card charges. The company also said that if the total of those "exceeds $1 million, such claims will be prorated."

In an interesting twist, TJX promised to hold a three-day sales event where all merchandise "will be reduced by 15 percent for three consecutive days in January, February or July, which will be in addition to all other discounts (other than employee discounts)," and it "is not expected to be held until 2008 at the earliest."

"TJX represents that it has not had any storewide sale event in the TJX Stores systemwide in the past, to the best of senior managements recollection, and that this sale event is the direct result of this settlement," said the settlement, included in a Form 8-K filing.

The settlement also gives both sides less than a month to get their own independent security experts to determine whether recent TJX security improvements are "a prudent and good faith attempt by TJX to minimize the likelihood of intrusions in the future." TJXs expert must submit a report to the plaintiffs expert by Oct. 17. But neither that expert nor the attorneys involved are allowed to discuss publicly how well—or poorly—protected they see consumer credit information being at TJX. All parties "shall be subject to such confidentiality restrictions as TJX may reasonably require to protect the security of its computer system."

The proposed settlement still has to be approved by the courts, and those security experts must agree. How long will this likely take? A TJX statement said it could take many months.

"As is typical for class actions, the procedures required to obtain approval of the settlement will take some time," the TJX statement said. "While we cannot predict how long these procedures will take, we do not think it is likely the settlement would become final prior to spring 2008."

A series of lawsuits against TJX from banks and other financial institutions are still active and not covered by this agreement.

Retail Center Editor Evan Schuman can be reached at evan.schuman@ziffdavisenterprise.com.

Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.



  Reader Comments: TJX Settles Lawsuits, Offers Discount Days
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Evan Schuman
 


x}rqUQ'(JHS-ubYgHHbL<$e[//ڗgnBKL&㩱IhFh!{I"֘tl}fRK ze$5vv޼yCH7tR(?2dh:u|h4=GR1Z>u3 ۀpg=,Ad-FF5%j'~xkLszV6z216\3eb ^Qk$ЁqG<nzF\;5Q!ϓ@<4 tdٖ/yg*ރ,C8Uݱa/G (*"h4"J>vퟒ_ `HU-@iܺ̐L9ka)XXNK|"BN3tQA KH@!=F!N1BpHf.b;5S:gfeY%YWauwÞq5n׭Sһ^iz-xHntRMMqsuS\u,Tʇ{H rTkP0kE @JL%a e uԙTyx7`N:uj}Juc6Uˊ} XGxPeuHy=j.sWAhnvt&HgXxȿW] c_g&v/}TS>ƔzN=S8=H*}nٮA%UǖA ϛLu%08{ ɝ5z9PͻCizy1&}դ;TfgPg,e]< vL߃1#,ީ T<ĥL>8Ԃ.v9.WbA/hb^9DEMi@ P!$4ar6ρlbo(?LHX)ĵRP*m=!đtaR*=PύfABZ ׸z)x)l e&zZLdoKW^, U to35Muc} _+UxѸ55K9ܺ< S'MXɩ * C Kw,Ofصq=7_wsgw0aFiŬ9c兇y5.du)fN C \ g?0-qڛX5VuӠzWa*W ,q[rmۂfX8ȃ=3p ؇傩&>|YzI4TЛv!S9n! p+׬UPLg<)*[h3u Z\/V°+]61"A0o "}hQaNTS 0AaguΤk!bkP8KDq?|2,e(,g@6AGiA؜Zs84ZJt kl\nrpf R*v^n^gh(^;(ym1,4ra,lGR6V2S{hcv{T*Pfb>_}(Xm:8U]m"=VxxO} ̍ |"=lA$:\3|*UTt`l`ʃ.qKQгS#nʛhB{-h]L,/Ҷ<_eУEjq~9ë# ߛppo=IjXDpGG(J@T*8ǙAg7r#TFQPxՠ{4'8΁9g⼻M}KSp@o([3txi+ul䃃2,, Ծ7 X-0`7͙oRs޽i>Q\U Ψ!y4VzsC\WC$?;ͪ#6kB=L:+a+s>󌠨a-ylcDH!2>Ѵo%% Lc( O όEkfp +RSJb/ 86"uޢFvru~!Yh99l3iq5}햯&sĴgz++1 b8W58_cBnԹu qlTMҡGh9;@⺆b䓃rA)ͥ @. ?[vsQA^-9;.U.š I֯GT#xu4߷`CL4PdzNTHaF]ڮ:rjSW{隗a ]區 wnG4߷/K'݋5?V#˖ou߽K͋#烬z!zN.ZFSLtk3d8)2Gg~Hh/6Qb k:B[Ku͉}܇9TzF[ n qdQִn4&l揝G²6XstxC7$"T]|&` $X*XU2ݻh~ O%'e؋n/l D38C W"EH%qA&NMNx zMr /Uщk ^ Ic T t6~OK0fA`+F+>ǭՓNIbNv*hq_GIB9(n2x A\$~l] )%P \ G"6l->; cdGA9C.7n'in&.TSbģ)3dAB4<Q2RX<ӲYGi!M$_U0㓈PV Ioɂ#dž5>Թ8/T/iwo]7")=/7[ .VlG_8_`OD HY)o-yb}YGJ\}Ys9 C>Ax9"90wA>?uV$ݝZ?s>i[Z3ƍ~'ach;eƫ>f|ge{yB 3?݁EM64HPcշݜ89! _v^k-hhCw(d~OY)l[icP!SǏRɘNBASBЭyYdE)I=9 O?Gv`q@+8#&nu@oǥ7D/ Z4f:Yfv5U[>ȥ nvٽdr!ǒU׫g7]f+wuB&epv|}gYjIU9e9|e--^RR>\_D+%U뀞h h&v?KYޟ;+&bi8V=TԵ먮:w-}cZ~k'K-;݌ `!3Ȑyok aͰ->Dƙ J;mmo܍n  B;DJܝfx1 F'KR@J9_fh&ܾ'm-?싖&,DEB4JE![bC/'iЕuY؏a0R^!Ӫ() .kͩGbJAл)aޚFh1Y" ǟ*F?Ķ*^AǞ$^8'Q r* bG.0nJբR^$ϚX_ PKXE#S7!(#'B%wX`al1x`;:S:Řgdդ?0s5K+- e|8Rlp }j{B><lƖgWfs)(RhR ES'=?R;rU X ]lN' %8"aU!&غȶ4WҦ4W|m@{# }`{gSQ Bv h0hC@13Ah_5= ;b mI")K_EX@nT) CZ_0zJdz#}X{Rt/Rȏ$   *H%d[<4,nGq\9>L a. B.`is%Z,)Tv.)a2oμn>(a {.ly_ʯۗy} f8GIڌo-DŎx_QRyNoC@z_N7 ;FV"~̃zK|}[XY;Q>qnRj'AP(/rZAW1tφd5Y\r}4vTK.7!,'#rO5O3ChymlM/ aS9:[ݽ?0lR_pxn&]$%M 2{50I%뀿 c N0W=*|搜Ȳ֗.ƞ\:RT(/36}FԸج}h z>? ZTcaֈ5Z(Rdj&/ fSƚi< L~gl&VR F2-'.t~vγYb >ن?3y˦Uxv6j@n[%OY@7䑺ʀ{61l i7A1DKl\Gj ų Ax Őݸle"!97U5f|b6ĻL{&xʻgs~/T xfjN.>} V#XǜAqE5* I!~V}:wWF} {A3@amIjD)L;T{ET0fo!`n2(y+/!v2(((v«aԱ]_w;1ɯ0]qJ|~Bd 2(K@-={g|#Gr^ k(G>ş›𮢊R-QBkXb8$u,¼H>Kb}Y (TiRW㻝'|;(s.Ȋ(a+A#!=|@ 0˨AX^q;Tk3"\~Ї#eT][aXį PGB8AXx1 oqy%j˸HFPx1v dPbYhX]_icl97*Ce5b;]C-4tAj-bIALc2ķ n"rI{ K"Ԙ\xWpU) *5PZ<6?Rcy:GSga?*F6.l`X-VS+%\֜9ק|[sݗǶT JzZR͗-K`zWu\[T:JLQ Ou(ζAs둞Jb9VmRa *zd040Lt`GV((# ar;-x : pr|n4d_ ck qRάH9SF;Rn>ꮱIwKDwg|{\$3B;õșE=?n.9&z.zX4F.^ayoKR8瓽]F bd3sR-Cah@$=j_ވ w qm_гaԳFԞk}ہ#'*?8`irGh%9oYBcÌ)|1^*J@8HjNTLO0Y]XC3[ ) |vG['t J j,I}yaNr%W0OMnlx[+JGB;{t h:hT5 /Ya.;=~3}LfRa:'LV_ _ݰ,VI my$7[ $~ZĮ̄H!&?qujl_M﷮{haE3>p`#wkꜰGɇA |Ϊd0W dh [zq٥MlF5Kv:^stTb8&<ǮĶnwK cB4_ Dŵq>jka]L ͓?0H.ƌ Rɗ/J]A 2,c-VR,@K7y LIBz7%)>ppJI?gOia}y;8oOofӔth_;}hi_C)iKI֧_05:)ӁwR4N ~;N ~:NJ;@}vRy2!cJ9 ށNJ:e^\%euݔwAtSOK7E\}\J) sB?=/=/}~ _קB_!cZ:cJ>>oҁ~oRI&s$CL._O2z)A^?,%SY9)+F7^˰Jsi2ௗeߧ}oel־:BR+ +]a%|Ay%kkZ14tb/uBU(X2lM"<#(yǯebV>c 40k 7"]YBY13$*}`:-WVvl+fJX.*ܢm:aKXE 9 8{c_%j2/ UΉHc=h0 .Ő3]\ZJ[Fܻğat =W\6qSn/l /: 7:-M\wڝ{f+23vb;w6 [췡\2<. d'N:/ ߊƄ+,|X HH\·.Fhe48/!4l55Et'j<} nglcU}:Iƙ ApTR*LYc} +y9_%=f` a0X^;QHJvo*!K0rz!R1 =TaԭxM_+BDK"ұR[z]W0Fdy5 @3as8a+h;⁃"G<}3wPcgqp=m YJ%37ޢ{I2ؐ$&ήwKguo0;Ssh|ӄ[Ìb,!߁x~l4QA;TXlX4qb<çSN<&3!Uť{oTxx ‹e*sM\Q j-Nؒ1$$Q" e2$s~9I4{g+=KFexp/ BC0tů}rmX}npb2 tBL/ 4xnǍacmwM‚_b XaJ>^+.Ơ=Q^I0!HM;e@请aXmt RVWBÐJČ(1.m ,^!Ӟ:Z| S@%8>cc:HOSM-sm{rlkj:jvԙepZ~*,x`,"դU$r 7|(pމi`gD{/~} _쁅:;owqs(;:Lw7>G*_l xD'Sx/!I/ 1Dt^ mɡwgil@ X3W]$ A_$|NbO޳\oTùLH M}ۢ1a4`,< j"}+ȑP‚m5uWdԤĶP#h[[cBQuC 1H'Jtѷd9H|&zU p$.7="RDwΆl'ȏQv0^ R smqSunDjYcl%E '_! 3.q},sD r6ς֔LT zʴ ៴XqKVv֒{ƶ ;C?Bض\8#eI.~;T>KxbHQ`C>fv؋|%KG ϽyHj(4FI cS' 1?j;;3,Te:>ebZ.qmF`ӧޓ5Z@#5E`w4ae  n=ձ]w O 7G=Frx{KklR}L%^\旗*|?Oe!Mt8͡mn0Z|U9ނ4eVn Y~ r@]Pa߂g `cwDl .*5^F pWa+e;6MPxO3 EΡp"c"*mx9Na^q=Ӹ+AўYn0g64 oO#]\Dc`Wpۂ{i[RpCV)tnOK]AVxӃN7ȯs,^rXٻ"gqhՆG0ޏqPt@ xQ b {m;pSr  VQ6pSdؖE'dsm{'ym{EmY>mЌ501ngFbk:2fOŀn{L ^f#>l[lc)d̄2 !yyUvҥNࢸ΍I,G`a^d++)ؐ:2k0bG1,sQf7}NaF*)Aua%o *[ApNWihsS|"[8.'3gqȏ<֔òaVvTʹmSּA1yylT$|٥rY>A 1Xq^> @;݄& @W 54b>8Yܻ W[OPQ96:| ,ݐbZ"ND׊ufrmus Q}&|쇶ԌnBZcȴ ݫL$d3k9OK~.p 99.s@OI›}XN1}aFot1GvYѯ\0AL]Tb?`~0?tf*ތ}ÅypAR x_PžŔv?8}enSÄVC+] V`6;.uN:b(.0+ꮃ*kz ˅ZN8^i+ vDǾ zhQ\pT-"<E3Sgn}3^|>@",>5d %@3@ !]YUqOonQ*s-D`o@j|&ՄuDڲcd a=GDo֚M^Y-_*.XOo!GhB$lbŖP n&?H֧!ގnOYf=tYX{CMaT-_Bg7iR7j:<৵%"P3-ְKKձ~$`W{8Yj@:u^@͎[nd-٣,ʸ\x 񼯎1nܫ%LNTn Ub: 8$o/ǖCtBȠ"i,~@cx|qcgbR+@`s$ڱ ;oG?gZlNуpE1t"II ~s.L(աg8A@h  &܅)dDe%<rM,,e7, 0%EcwH\IDmKv%"=$+ш4a(̕F@imH" bSC4u_,ȻU Y1n\G -J <ٴOiӦ-66ɴak;&ޚ# hY2-A0+R(<盅9)lq|j E*J=MV(L$жꄃE9-Q>g Z̞Ј 519mktxBإ;oaDCR>hJ ` bP>TnJ0,H57\&P8~;6E&507:K' Laݑt`vHP &uE%zZGRn%ba