Want to stay current on e–commerce law? Sign up for Email Newsletter.
Fallout from TJX Information Security Breach
The TJX Companies operate several discount retail chains, including T.J. Maxx and Marshalls in the United States and Winners and HomeSense in Canada. TJX has had difficulty recently with a number of information security breaches. In early 2007, TJX announced that due to an information security breach, up to 45.7 million of its customers may have had their credit card, debit card and drivers licence information compromised. The breach, which is believed to be the largest information security breach ever, was caused by hackers gaining access to the information through wireless networks at two stores in Florida.
There have been two recent developments relating to the TJX’s information security practices. First, TJX recently announced a proposed settlement for several class-action lawsuits arising from various information security breaches. The settlement, which has yet to be finalized, offers claimants three years of credit monitoring (or an additional two years for customers who already have credit monitoring), credit insurance for losses up to $20,000, and the cost of replacing drivers licences. Another group of claimants will receive $300 vouchers for TJX stores.
Second, the Canadian privacy commissioner has concluded that TJX could have prevented the massive 2006 security breach but did not take necessary security precautions. The privacy commissioner found that TJX collected too much personal information, kept the information for longer than was necessary, and relied on weak encryption technology.
For additional information, visit: