TJXs Sept. 21 multipart settlement of all of the consumer lawsuits against it for its massive data breach is a fascinating denouement to the TJX saga. What makes this latest twist so delicious is that TJX has played this debacle the way a retailer should, assuming the retailer is Niccolo Machiavelli.
When admitting to a massive data breach impacting some 46 million of your customers, and when also conceding by implication that much of it was your fault given inadequate security measures, most companies would be chagrined, embarrassed and perhaps even a little bit ashamed.
How many would have the pureness of purpose to try to turn it into an upsell situation? When agreeing to pay cash—albeit tiny amounts—to your wronged customers, what would be a better example of Machiavellian marketing than to offer consumers the money only for in-store credit and of such an amount ($30) that many will likely spend more than the coupon?
Or as a way to make amends to the identity-less, offering to throw them a three-day party, which is open to everyone? And to then offer everyone attending a 15 percent off sale?
Let me see if I understand this correctly: Due to apparently recklessly weak security procedures, consumers that you invited into your stores had their credit card information and identities taken, all because they chose to buy your merchandise. How to make amends? Invite them back to bring their new credit cards and buy more stuff, with a 15 percent discount.
Maybe they can launch a major series of radio spots for this event? “Come to the We Ripped You Off and Got Away With It Special Celebration, with 25 percent off all jeans and 30 percent off if you use a credit card. Make sure to bring two forms of ID, though. Just kidding. You no longer have an identity.”
A 15 percent off sale and coupons to encourage upselling? That sounds less like a punishment and more like a promotion.
Its important for people to try to read the full 44-page settlement or at least peek at our summary of the key settlement points. Thats because TJX makes a lot of generous-sounding moves—such as paying consumers who were wronged, paying them an hourly fee for time spent and making security improvements—but its in the details where those offers fall down.
Yes, consumers are being paid, but very little and only in the form of what amounts to limited TJX gift certificates. Some consumers will be getting paid an hourly fee for the time they spent chasing their lost identities, but only $10 per hour, and there is a healthy list of restrictions.
Yes, the security improvements are going to be documented, but the industry will never know those details. The attorneys in charge of that security oversight indeed could conclude that the security improvements are insufficient, which would kill the deal and, by the way, their $6.5 million fee. Not that that would influence them at all. After all, the plaintiff lawyers are in it to improve security conditions and not to merely make a buck, right?
If TJX were serious about this settlement and its improvements, officials would be much more forthright about how they believe the incident began and what their security looked like at the time. If security is the only reason for the secrecy, surely it wouldnt hurt to get specific about the systems that used to be in place. Its not difficult to be explicit about what was being done and simply not reveal the information that would still be of value to thieves.
Of course, TJX has always had this bad luck with calendar coincidences. The breach was discovered in mid-December, and yet they didnt announce it until mid-January. Was the one months silence truly needed by law enforcement or was it timed to not impact holiday sales? Theres a good argument that the timing back then was coincidental. Not an airtight argument, but a reasonable argument nonetheless.
This settlements announcement date raises the calendar coincidence issue again. This settlement had clearly been in the works for quite some time. Teams of lawyers dont agree on the wording for 44-page government documents in one or two conference calls.
And yet, this statement was issued at 5:34 p.m. on the East Coast. On a Friday night. If one wants a story to be buried, thats the best time and day to announce it. And if that announcement happens to be made after sundown on the eve of Yom Kippur—the holiest day of the year on the Jewish calendar—even better, if the goal is to bury the news.
Coincidence? Twice? Maybe, but I am guessing there might be a lot of atoning due from one major retailer this week.
Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop any time soon. He can be reached at [email protected].
To read earlier retail technology opinion columns from Evan Schuman, please click here.