News Stay informed about the latest enterprise technology news and product updates.

Canadian officials to release TJX report, settlement nears

Canadian data privacy officials plan to release a report outlining the TJX data security breach just days after TJX reached a tentative settlement with victims.

Canadian officials today plan to release the results of an investigation into the massive data security breach at TJX Cos., outlining how hackers entered the company's system and steps to plug future holes.

Jennifer Stoddart, the Privacy Commissioner of Canada, and Frank Work, the Information and Privacy Commissioner of Alberta, will summarize their findings into how intruders breached TJX's computer systems. The presentation is expected to take place at the opening day of the International Conference of Data Protection and Privacy. TJX owns and operates both Winners and HomeSense stores throughout Canada.

The attackers reportedly began their assault on TJX by exploiting Wi-Fi weaknesses at a Marshalls clothing store near St. Paul, Minn. Investigators believe the thieves aimed a telescope-shaped antenna at the store and used a laptop to snatch data transmitted between hand-held price-checking devices, cash registers and the store's computers. The exploit eventually led them into the central database of TJX, where they would repeatedly rob the system of sensitive customer data.

The Canadian report is being issued within days of a tentative settlement reached by TJX in a class-action lawsuit with customers who were victims of the breach. TJX is offering affected customers three years of credit monitoring services and identity theft insurance, according to a public statement released by company president and CEO Carol Meyrowitz.

In the statement, available on the TJX Web site as an "important customer alert", Meyrowitz said the Framingham, Mass.-based retail giant regrets "any difficulties you may have experienced as a result of the criminal attacks on our computer systems announced earlier this year. Importantly, we truly appreciate that you have continued to place your trust in us with your loyalty and patronage."

Meyrowitz insisted that TJX has been working "diligently" with some of the world's best computer security firms to bolster its security while continuing to work with law enforcement and government agencies to bring the attackers to justice.

TJX data security breach:
TJX profit takes hit over data breach: TJX says it has spent $256 million responding to the massive data breach that exposed 45 million customers to identity fraud, and the bottom line has suffered as a result.

TJX breach tied to Wi-Fi exploits: The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.

Banks prepare lawsuit over TJX data breach: TJX will face a lawsuit from three New England banking associations as well as individual banks. The Massachusetts Bankers Association is inviting others to join the suit.

As part of the settlement, which must still be approved by the courts, customers who were forced to replace their driver's licenses will be reimbursed for the cost, and those whose driver's license or other ID numbers were the same as their Social Security numbers will be compensated for "certain losses from identity theft," TJX said. Customers forced to change bank and credit card information because of the breach will get vouchers that can be redeemed in TJX shops in the U.S., Canada and Puerto Rico. Also, TJX promised to hold a one-time, three-day customer appreciation event with a 15% discount on all merchandise.

"This settlement agreement addresses the different ways customers have told us they have been impacted by the intrusion(s), and we believe that the terms of this settlement are beneficial to our customers," Meyrowitz said.

TJX has spent at least $256 million dealing with the breach, which was first disclosed in January. That's more than 10 times the $25 million figure TJX cited in May. TJX said the expenses went into battening down its computer system and responding to a growing list of investigations and lawsuits against it.

According to TJX's last earnings report, costs related to the data theft in the second quarter bit into its profit by $118 million. Still, TJX said, strong sales continued during the same period, which it cited as proof that customers aren't walking away.

TJX has acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate its network. The company gave a tally of the damage in a regulatory filing with the Securities and Exchange Commission (SEC) in March, and also acknowledged that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information.

Dig Deeper on Data security breaches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.