The fallout over
TJX's massive data breach continued Monday, when a West
Virginia woman filed a class action lawsuit against the company.
She accuses the retailer of negligence for not doing enough to
secure customer data and for keeping quiet about the breach for a
month.
Meanwhile, TJX chairman Ben Cammarata has launched a media blitz
to assure customers that the company is taking concrete steps to
secure credit card data. The effort includes full-page ads that
appeared in several New England newspapers over the weekend, and a
video
message from Cammarata on the TJX Web site. In that message, he
said TJX has decided not to offer credit monitoring for affected
customers.
"Based on the type of data involved in the breach of our
systems, we don't believe that such monitoring will be meaningful
to customers," Cammarata said in the video.
In the newspaper ads, he said delaying an announcement on the
breach allowed the company to secure its systems and prevent an
expanded breach.
"By delaying a public announcement, with the help of top
computer security experts, we were able to contain the problem and
further strengthen our computer network to prevent further
intrusion," Cammarata said in the ad. "Therefore, we believe that
we were acting in the best interest of our customers."
West Virginia resident Paula G. Mace, whose credit card
information was reportedly stolen in the breach, does not agree.
According to The Boston Globe, a class action lawsuit was
filed on her behalf in US District Court in Boston Monday, accusing
the retailer of negligence for not doing enough to secure customer
data and for keeping quiet about the breach for a month.
"Because of TJX's actions, hundreds of thousands or even
millions of its customers have had their personal financial
information compromised, have had their privacy rights violated,
have been exposed to the risk of fraud and identity theft, and have
otherwise suffered damages," according to the lawsuit.
The lawsuit seeks credit monitoring services and any damages
incurred by affected customers.
TJX disclosed the breach earlier this month, saying an attacker
exploited a flaw in a portion of its computer network that handles
credit card, debit card, check, and merchandise return transactions
for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J.
Wright stores in the U.S. and Puerto Rico, and its Winners and
HomeSense stores in Canada. The intrusion may involve customers of
its T.K. Maxx stores in the U.K. and Ireland and could also extend
to TJX's Bob's Stores in the U.S., the company said. The discovery
was made in December, but the retailer said investigators asked to
delay an immediate announcement of the breach during the initial
part of the investigation.
Last week, the Massachusetts Bankers Association said
several of its member banks reported fraudulent transactions
associated with the TJX data breach.
The stolen data was used to make purchases in Florida, Georgia
and Louisiana as well as Hong Kong and Sweden, the trade group
said. In addition, credit card issuers have contacted 60 banks
about compromised cards, the bankers association said.