On Jan. 17, 2007, TJX Companies, Inc., publically announced that it had experienced a massive data breach affecting credit card transaction information for thousands of consumers who had shopped at TJ Maxx, HomeGoods, A.J. Wright and Marshalls stores.
I was one of the many shoppers who received a new credit card as a result. Fortunately, I never became a fraud victim. And while I still shop at TJX-owned stores, I admit being annoyed when I learned about the breach.
TJX agreed to pay $9.75 million to 41 attorneys general as a part of settlement that follows the states’ investigation concerning the retailer’s data security practices. Washington Attorney General Rob McKenna said $2.5 million will fund a Data Security Trust Fund to be used by the states to advance enforcement efforts and policy development in the field of data security.
“Safeguarding personal information isn’t just good business, it’s crucial for our economy,” McKenna said in today’s news release.
“A data leak can cost a company millions of dollars,” McKenna explained. “Start with the cost of notifying victims, tack on the expense of lawsuits, implementing new security measures and ongoing marketing to repair a damaged reputation, and some businesses never recover.”
Today’s settlement reflects the lessons learned from that data breach and requires the most comprehensive relief achieved to date following a data breach investigation.
The new “Red Flags Rule” requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or "red flags" – of identity theft in their day-to-day operations. Check out the Federal Trade Commission’s Web site for a how-to guide.