Attorney General Gansler Reaches Settlement with TJX Companies, Inc.
Settlement Addresses Security Breaches in 2005 and 2006

BALTIMORE, MD (June 23, 2009) - Attorney General Douglas F. Gansler announced today that his Consumer Protection Division, along with consumer protection agencies from 40 other States and the District of Columbia have entered into a settlement with TJX Companies, Inc. (TJX) concerning security breaches of TJX’s main server that occurred in 2005 and 2006. The breaches led to the theft of customer credit card data from 100 million credit card transactions.

The breaches affected the credit card information of consumers who shopped at TJX’s TJ Maxx, HomeGoods, A.J. Wright, and Marshall’s stores. Consumers affected by these data breaches should have already been notified by either TJX or their credit card companies. The settlement requires TJX to implement improved security measures to protect consumers’ credit card numbers and other private information.

“Victims of identity theft often face serious damage to their credit and huge hurdles in trying to repair their credit report,” said Attorney General Gansler. “It is important for consumers to know that TJX has agreed to take stronger measures to ensure that customers’ private information is protected from hackers.”

TJX denied any wrongdoing but agreed to implement new measures to improve its data security practices and to ensure its security practices comply with industry standards and with recommendations made by experts in the field who were hired by the States. TJX also agreed to make a payment to the States, including the creation of a $2.5 million data security fund to be used for data security initiatives.