Latest TJX offer includes checks or vouchers
Some TJX Cos. customers whose credit card information was stolen from the Framingham retailer could get $15 checks as part of a revised settlement agreement proposed in federal court yesterday.
TJX, the parent of stores including TJ Maxx and Marshalls, struck the new deal with plaintiff attorneys after a federal judge questioned an earlier agreement between the two sides last month.
Previously TJX had offered to give $30 store vouchers to certain customers who had lost time or money as a result of the loss of the data, valuing their time at $10 an hour. Consumer advocates said the vouchers wouldn't effectively penalize TJX, because the vouchers could be used only in company stores. Under the new terms, TJX will still offer the vouchers, but would give customers the option of getting a check instead.
In a hearing yesterday Judge William G. Young said he was inclined to accept the settlement, pending further filings and details, though he will consider exactly how consumers should be notified. "But for the notice issue, I think I'm a go on this," Young said.
TJX hasn't described the exact costs of the settlement but said it would be within the parameters of its previous estimates that put the total costs of dealing with the breach at around $256 million. Recent developments aren't causing the company to change its estimates, said a company spokeswoman, Sherry Lang.
"Our focus has always been and continues to be doing the right thing for our customers," she said by e-mail.
The breach in TJX's system was the largest tracked by specialists, and how the litigation is resolved could set a precedent for similar cases. Earlier this year, TJX disclosed how unknown hackers had stolen at least 45.7 million credit and debit card numbers from its computer system, compromising records as far back as 2003. TJX has said about 75 percent of the compromised cards were expired or had data in the magnetic strip masked.
Though there have been some arrests and guilty pleas related to misuse of the numbers, so far no charges have accused an individual of carrying out the breach. Last month Canadian privacy officials faulted TJX's security procedures and said the company believes the intrusion initially began via wireless networks at two Marshalls stores in the Miami area.
TJX said it disagreed with many of the Canadian findings, but said it has adopted many of its recommended improvements. At the same time TJX has faced lawsuits from two main plaintiff groups: consumers whose data was potentially compromised and financial institutions who had to replace millions of cards.
The proposed settlement would not affect the banks' litigation, which is continuing. In their suit, the consumer lawyers accused TJX of negligence in failing to protect the data, among other things. In its original Sept. 21 securities filing describing the previous deal with the consumer class, TJX said it denied the claims, but was aiming to settle the case to avoid a long and costly legal fight.
In addition to the choice of cash or vouchers, the settlement would have TJX offer credit-monitoring and identity theft insurance to about 455,000 customers who had returned merchandise to TJX without receipts, making them more vulnerable to the breach.
Ross Kerber can be reached at email@example.com.