MADIGAN, TJ MAXX REACH AGREEMENT TO ENSURE PROTECTION OF PERSONAL DATA FOLLOWING MASSIVE SECURITY BREACH
TJ Maxx Parent Company to Implement Comprehensive Data Security System
Chicago - Attorney General Lisa Madigan today announced an agreement with TJX Companies, Inc., parent company of several retail chains including TJ Maxx, to implement a robust information security program that will help guard against security breaches and protect consumers' personal information. The agreement is the result of a 41-state investigation into a massive security breach that TJX discovered in 2007 after unknown perpetrators had obtained thousands of TJX consumers' cardholder data. The new system will address a number of vulnerabilities and flaws in TJX's data security systems identified during the investigation by Madigan's office and the other Attorneys General.
"My office receives thousands of complaints each year from Illinois consumers who have experienced identity theft," Madigan said. "The preventative measures that TJX is implementing pursuant to this agreement will go a long way toward protecting consumers' personal information. It remains important, however, that consumers continue to take all necessary steps to ensure their personal information is safe."
As part of the agreement, TJX will install a comprehensive information security program that assesses internal and external risks to consumers' personal information. The company also will regularly monitor and test the program's effectiveness and report the results to the Attorneys General.
Under the agreement with Madigan's office and the other Attorneys General, TJX will:
TJX also agreed to pay the states $9.75 million, of which Illinois will receive more than $440,000 for work programs to enforce the consumer protection laws and for programs to protect consumer data and provide consumer education. An estimated $2.5 million of the overall settlement will fund a Data Security Trust Fund to be used by the Attorneys General to advance enforcement efforts and policy development in the field of data security and personal information protection.
In addition to Illinois, the Attorneys General of the following states participated in the investigation and subsequent agreement: Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin, and the District of Columbia.
Madigan recommended that consumers take the following precautions to better protect themselves against identity theft:
For more information about identity theft and how consumers can protect their personal information, visit http://www.illinoisattorneygeneral.gov/consumers/consumer_publications.html#idtheft or call the Attorney General's Identity Theft Hotline at 1-866-999-5630.
Assistant Attorney General Christine Nielsen handled the case for Madigan's Consumer Fraud Bureau.