"You've got to hand it to TJX," Mary Monahan, partner and analyst at Javelin Strategy and Research, told SCMagazineUS.com today. "They took the largest data breach in history and turned the conversation into offering US$30 vouchers right before Christmas."
According to the agreement, announced Friday evening, customers who used credit cards during the time of the intrusion and who suffered costs this year related to the breach will receive store vouchers valued at US$30 to US$80.
"This is potentially a benefit [for TJX]," Diana Kelley, a Burton Group analyst, told SCMagazineUS.com today. "If you have a US$30 credit, there's a chance you're going to spend significantly over that. It draws people to their stores."
The agreement, which requires court approval not expected until next year, would put an end to a number of class-action lawsuits filed by customers after Framingham, Mass.-based TJX revealed in January that hackers compromised some 45.7 million records over a two-year period.
In addition, TJX plan to hold a "Customer Appreciation special event," a three-day sale during which prices will be reduced by 15 percent for all customers across the company's 2,500 outlets, which include Marshalls, T.J. Maxx, HomeGoods and A.J. Wright stores.
"They're being smart about it," Monahan said. "That's American and that's capitalism. They're there to make money. Unfortunately for the victims, they're not going to get much. They're going to walk away with almost nothing."
TJX has agreed to offer three years of credit monitoring to some 455,000 people who returned merchandise to stores without a receipt and had to provide their driver's license numbers, thus increasing the chances of identity theft. TJX also will provide compensation for replacing driver's licenses if that number is the same as their Social Security number.
TJX, in a statement released Friday, did not place a dollar amount on the lawsuit, only saying its cost is part of a US$107 million reserve mentioned in its second-quarter filing with the Securities and Exchange Commission.
The company said it denied the "allegations underlying" the lawsuits, but that it made fiscal sense to settle. Cincinnati-based Fifth Third Bank, the credit card processor for TJX named in some of the lawsuits, was part of the settlement with TJX.
"We deeply regret any inconvenience our customers may have experienced as a result of the criminal attack on our computer system," TJX President and Chief Executive Officer Carol Meyrowitz said in the statement. "TJX has been working diligently to reach a settlement that offers a good resolution for our customers."
In addition to court approval, the settlement is contingent on whether a security expert, hired by the plaintiffs, believes TJX has made "a prudent and good faith attempt" on preventing a future computer intrusion, according to the agreement.
Despite the settlement, a number of potentially costly lawsuits against TJX are outstanding, including a joint complaint brought by the Massachusetts, Maine and Connecticut bankers associations who contend TJX should incur costs related to reissuing credit and debit cards. This could produce heavy losses for the retailer, experts say.
"If that goes through, that will be a big impact to TJX," Kelley said, estimating that each reissued card may cost up to US$35.
Monahan said TJX likely will not get off easy.
"The attorneys in this [customer] case settled because they're going to get their fees, and they're representing individuals who have no power over them," she said. "The bank's attorneys work for the banks. [The banks] are not going to walk away with vouchers."
See original article on SC Magazine US
TJX customers get vouchers, three-day sale as part of breach settlement
By Dan Kaplan on Sep 25, 2007 9:46AM