The massive security breach at TJX Companies Inc. that exposed more than 45 million customers to identity fraud is hitting the bottom line big-time, if the company's second-quarter earnings report is any indication.
The Framingham, Mass.-based retail giant acknowledged it has spent $256 million dealing with the breach, which was first disclosed in January. That's more than 10 times the $25 million figure TJX cited in May.
TJX said the expenses went into battening down its computer system and responding to a growing list of investigations and lawsuits against it.
According to TJX's latest earnings report, costs related to the data theft in the second quarter bit into TJX's profit by $118 million. Still, TJX said, strong sales continued during the same period, which it cited as proof that customers aren't walking away.
TJX has acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate its network. The company gave a tally of the damage in a regulatory filing with the Securities and Exchange Commission (SEC) in March, and also acknowledged that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information.
The attackers reportedly began their assault on TJX by exploiting Wi-Fi weaknesses at a Marshalls clothing store near St. Paul, Minn. Investigators believe the thieves aimed a telescope-shaped antenna at the store and used a laptop to snatch data transmitted between hand-held price-checking devices, cash registers and the store's computers. The exploit eventually led them into the central database of TJX, where they would repeatedly rob the system of sensitive customer data.