CONSUMER NEWS RECALLS COMPLAINT FORM SCAM ALERTS

Small Claims Guide \| Class Actions \| Lemon Law \| FAQ \| Resources \| Newsletters \| Spanish
Automotive Education Electronics Family Finance Health Homeowners Shopping Travel

TJX Sued for Loss of Consumer Data

Data Breach Resulting in Wave of Fraudulent Transactions

By Truman Lewis
ConsumerAffairs.com

January 29, 2007

TJX
• TJX To Pay Mastercard $24 Million For Data Breach
• TJX Settles with FTC Over Data Breach
• TJX Settles with Banks over Data Breach
• TJX Settles Visa Suit over Data Breach
• Attorneys General Oppose TJX Data Breach Settlement
• TJX Data Breach Victims Reach 94 Million
• TJX Data Breach Settlement Has Strings Attached
• Wireless Hackers Suspected In TJ Maxx Breach
• TJX Data Breach Called "Biggest Ever"
• Data From T.J. Maxx Breach Connected To Florida Fraud
• TJX Data Breach Bigger than Earlier Estimates
• Massachusetts, Rhode Island Open TJX Probes
• TJX Sued for Loss of Consumer Data
• Hackers Hit T.J.Maxx, Marshalls
• Congress Takes On Data Security
---
• TJX Customers: What To Do

While banks and retailers throughout the U.S. and Canada report a growing number of illicit transactions, a class action lawsuit has been filed on behalf of consumers exposed to identity theft as a result of hackers penetrating the computer network of TJX Companies, Inc., corporate owner of the T.J. Maxx and Marshalls chains.

The suit, filed in federal district court in Massachusetts, charges that TJX was negligent for failing to maintain adequate computer data security of customer credit and debit card data.

Story continues below video

"As a result of TJX's actions, customer information was stolen from TJX's computer network that handles a wide range of financial information for millions of customers, including credit cards, debit cards linked to checking accounts, and transactions for returned merchandise," said the attorneys filing the suit.

The suit castigates the company for being tardy in releasing news of the data loss to affected consumers.

Although TJX discovered the data breach in mid-December, 2006, it did not publicly announce the intrusion until one month later. That delay prevented consumers from taking measures to protect their accounts, the lawsuit charges.

TJX has said that consumers who patronized TJX stores in 2003 and from mid-May through December 2006 may be affected by the theft.

"Because of TJX's actions, hundreds of thousands or even millions of its customers have had their personal financial information compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages," a statement released by Berger & Montague, PC, and Stern Shapiro Weissberg & Garin, LLP,the law firms representing the plaintiffs, charged.

Fraudfest

Alarm over the computer break-in has been growing as incidents of apparent fraud mount.

More than 60 of the 205 banks in Massachusetts have begun reissuing cards after being contacted by credit card companies about compromised cards, the Massachusetts Bankers Association (MBA) said. In Vermont, one bank had to reissue cards to 1,600 customers because of the compromise, according to press reports.

The MBA said fraudulent transactions have been reported in at least three states as well as Hong Kong and Sweden.

The MBA noted, however, that credit card and bank fraud does not necessarily mean the data thieves have stolen someone's identity; they may merely gained access to credit card numbers.

TJX has set up a toll-free number (866-484-6978) for customers who have questions, and is also taking information on its Web site.

Banks, Congress Irate

Banks, who bear the brunt of the expense when data breaches occur, are beginning to press for Congressional action that would make Visa and Mastercard bear more of the responsibility for identifying the source of data leaks and taking preventive action.

"It is critical that the card associations -- Visa, Mastercard, etc. -- and public officials carefully evaluate whether the source of the breach should be identified quickly and be held liable for a data breach, particularly if the information being stored is in violation of card-network rules," MBA CEO Danial Forte said.

Rep. Barney Frank (D-Mass.), chairman of the House Committee on Financial Services, said the TJX breach was "further evidence of the need for a provision that Democrats pushed for in last year's debate over data security.

"Those institutions where breaches have occurred must be identified and they must bear responsibility," he said.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

May 17 2008

READER SERVICES

Print, Email & More

Free consumer newsletters
Sign up now!

Back to the top |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.