« Disturbing New Microsoft Patch Attack | Main | Podcast: Security as a Service, An Idea Whose Time Has Come: A Discussion With Alert Logic »

This past Tuesday, TJX, a Framingham, Mass. based retail behemoth reported its earnings and, according to the filing, took a $12 million dollar charge tied to the breach which exposed 45.7 million credit and debit card holders to identity theft. To date the massive breach has cost TJX $25 million.

TJX's net income for the quarter was $162.1 million, compared with $163.8 million for the same quarter last year, which represents a 1% drop in earnings. The company missed Wall Street estimates by a penny.

The breach was a result of bad guys exploiting gaps in the Wi-Fi system outside a Minnesota Marshalls. TJX said the $12 million cost for the quarter was to "investigate and contain the intrusion, enhance computer security and systems, and communicate with customers, as well as technical, legal, and other fees."

The cost of the breach to TJX is not expected to stop there (read my recent blog that predicts expenses to reach into the billions). Three New England banking associations and several individual banks are currently suing TJX for the cost of replacing compromised cards and cover fraudulent charges. They argue that TJX failed to adequately protect consumer data, and therefore should be held liable.

The company came clean about the breach in an SEC filing in March, and besides the 45.7 million card holders who were compromised, they also acknowledged that another 455,000 customers who returned merchandise without receipts also forfeited their driver's license numbers and other information to the thieves.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1878

Posted by: Michael Durnack at May 16, 2007 10:32 PM