TJX agrees to settlement in class action suits
Pending court approval, suits brought by victims of what is believed to be the largest data breach ever could be resolved soon.
Editors' note: This blog initially misstated the number of years of credit monitoring that TJX is offering in the proposed settlement. It is offering three years, or two additional years if the customer is already signed up for a credit monitoring service.
The TJX Companies announced on Friday a yet-to-be-finalized settlement for several class action suits resulting from various data breaches over the last few years.
TJX, which operates such discount retail chains as T.J. Maxx and Marshalls in the U.S. and Winners and HomeSense stores in Canada, is offering claimants three years of credit monitoring (or two additional years if the customer already has a credit monitoring service), credit insurance for up to $20,000 in losses, and the cost of replacing driver's licenses. A second group will receive one or two $30 vouchers good at any TJX-owned store.
Additionally, all T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico and all Winners and HomeSense stores in Canada will hold a three-day customer appreciation sale sometime in 2008 in which merchandise will be reduced by 15 percent.
In a press release (PDF) associated with the settlement announcement, Carol Meyrowitz, chief executive of the TJX Companies, said, "We deeply regret any inconvenience our customers may have experienced as a result of the criminal attack on our computer system."
In March, TJX said that up to 45.7 million customers may have had their credit information compromised. It is believed to be the largest data security breach ever.
Recently, Neal Krawetz of Hacker Factor released a report (PDF) citing various vulnerabilities in how large retail chains, including TJX, collect and store customer credit card information. You can read more about Krawetz's findings here or hear a podcast interview with him here.