July 27, 2009
Retailer TJX Companies, Inc., has reached a $9.75 million consumer protection settlement with 41 states, stemming from a breach of sensitive data about thousands of customers.
The company is the parent of the T.J. Maxx and Marshalls discount clothing chains and HomeGoods stores.
"This multi-state investigation was triggered by the largest computer security breach ever reported," said Pennsylvania Attorney General Tom Corbett. "Every time someone swiped a credit card or debit card at a store operated by TJX, their information was funneled directly to hackers, compromising the accounts of millions of consumers."
Corbett said the settlement resolves allegations that TJX ignored flaws in the configuration of its computer network and failed to take sufficient steps to protect customer information--allowing hackers to access its unsecured network and operate undetected for more than a year, leaving tens of millions of consumers vulnerable to identity theft.
Additionally, Corbett said the settlement requires TJX to upgrade and carefully test its security systems and to regularly report the results of their security testing to Attorneys General across the country.
"Identity theft is crime that impacts millions of consumers every year, robbing people of their credit and their sense of financial security," Corbett said. "Businesses have an obligation to make every possible effort to protect customer information, so that consumers are not left to struggle with fraud and theft simply because they made a purchase."
States participating in the agreement include Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin, and the District of Columbia.
