Since 2005, a number of relatively high-profile data security breaches have been the subject of ever-increasing media and legal attention. The breaches generally involved one of the following: (i) the creation of fraudulent accounts; (ii) stolen laptops or other computer equipment; (iii) computer hacking; (iv) stolen or compromised passwords; (v) insider or employee theft of personal data; and (vi) lost or misplaced discs or back-up tapes. Most recently, on January 17, 2007, The TJX Companies, Inc. (“TJX”) announced that it had suffered an unauthorized intrusion into its computer systems that handle credit card, debit card, check, and merchandise return transactions process for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores. Although TJX discovered the data security breach in mid-December, 2006, it waited until January 17, 2007, to publicly announce the problem and issue a press release. The next day, The Wall Street Journal reported that people familiar with the matter said the number of exposed cards could exceed 40 million. On January 25, 2007, The Boston Globe reported that community banks in New England had identified at least 200,000 credit and debit cards compromised by the security breach, and several Massachusetts banks had reported cases of fraud connected with card numbers stolen from the TJX computer system. On January 29, 2007, noted plaintiffs’ class action firm Berger & Montague filed a class action suit against TJX in federal court in Boston, Massachusetts, asserting that TJX was negligent in failing to use reasonable care to implement and maintain appropriate security procedures to protect the credit and debit card information of TJX customers. (Please click here to view a copy of the TJX complaint.)
Please click here for full advisory and best practices.
Questions or concerns regarding data security issues can be directed to Grant S. Cowan, Chair of Frost Brown Todd LLC’s Business and Commercial Litigation Practice Group. Mr. Cowan can be reached at 513-651-6745 or firstname.lastname@example.org.