News

Retailer Takes Out Ads To Buffer Fallout from Customer Data Hack

TJX Cos. took a month to make public a computer security breach because it was trying to prevent further damage, the company's chairman said in an online message and full-page advertisement in Boston newspapers.

TJX Cos. discovered in mid-December that customer data had been stolen by computer hackers and used to make fraudulent debit card and credit card purchases, but did not inform the public of the breach until mid-January.

"By delaying a public announcement, with the help of top security experts, we were able to contain the problem and further strengthen our computer network to prevent further intrusion," Chairman Ben Cammarata said in the letter that ran in The Boston Globe Sunday and in the Boston Herald Monday. "Therefore, we believe we were working in the best interests of our customers."

The letter, addressed to "Our Valued Customers," also detailed the company's efforts to prevent further computer system intrusions. A letter also posted on the company's Web site, along with a seven-minute video of Cammarata speaking from a store's clothing department.

"We immediately engaged two leading computer security and incident response firms to investigate the problem and enhance our computer security in order to protect our customers' data," Cammarata said.

The company is working with law enforcement and banks and has set up customer help lines.

On Monday, a lawsuit seeking class-action status was filed in federal court in Boston accusing the company of negligence for waiting to publicly announce the intrusion and for failing to protect consumer credit- and debit-card information in its computers. The lawsuit, filed on behalf of a West Virginia woman, seeks credit-card monitoring for affected customers and compensation for damages they incurred.

The company did not immediately return a message left after business hours seeking comment on the lawsuit.

Cammarata also announced in the letter that the security breach did not appear to involve transactions made at Bob's Stores, and that transactions using debit cards issued by Canadian banks were not involved.

The fraudulent purchases have been made in Florida, Georgia and Louisiana, and overseas in Hong Kong and Sweden.

Framingham-based TJX is the parent company of discount retailers T.J. Maxx and Marshalls, as well as HomeGoods and A.J. Wright in the U.S., Winners and HomeSense in Canada, and T.K. Maxx in Britain.

TJX announced on Jan. 17 that hackers had broken into a system that handles credit and debit card transactions, as well as checks and merchandise returns. The company said the stolen customer data included information from 2003 transactions, as well as information from mid-May 2006 through December.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.