TJX Judge Inclined To Approve Revised Cash Settlement Deal

Written by Evan Schuman
October 10th, 2007

Although he wants some more time to think about it, U.S. District Court Judge William Young said "I’m tentatively go" on the $200 million consumer settlement of the nation’s worst data breach.

After hearing about a revised proposed consumer settlement that supplements $30 in-store vouchers with $15 checks—along with other changes, such as increasing the voucher cap from $7 million to $10 million—Young said he was inclined to approve the deal but wanted to consider the options just a bit longer.

Much of the Wednesday hearing before the judge in the Boston federal courthouse focused on whether TJX could contact most of the consumer victims by mail, instead of the TJX preferred approach of advertisements and selected mailings.

TJX lawyers submitted an affidavit of a TJX executive and argued that it wouldn’t be practical because too many people were hurt and that TJX can’t justify spending the money to contact all of them directly. Also, they said that many of the consumers involved had not been truly impacted, such as if they had a credit card taken that had already expired.

"This group would not only be enormous. It’s everybody who shopped," said TJX attorney Harvey Wolkoff. "It would be millions and millions and millions of people. But it also would be way over inclusive. It would It would include many, many, many people, your Honor, who wouldn’t be entitled to a voucher because they didn’t time experience any kind of out-of-pocket loss, they didn’t experience any lost time. Many of them didn’t experience anything or, at most, what they experienced is possible exposure."

Wolkoff argued—pointedly—that being forced to contact all of the consumer victims would likely kill the settlement offer because it would then be cheaper to go to trial.

He compared it to another case—overseen by the same judge– involving consumers who were over-charged for prescriptions.

In the prescription case, "you had ten drug store chains that were responsible for some very large percentage of the prescriptions. Here, we have hundreds and hundreds of banks. We have big banks, we have small banks, we have medium size banks," Wolkoff said. "The cost to do that, your Honor, would be horrendous and, frankly, it would, with all due respect, it would likely crater the settlement."

The judge—who then thanked Wolkoff for delivering "the candor I’m looking for"—seemed to accept the argument.

"You say that if I force this and (even if) it didn’t crater the settlement, it nevertheless would be a whole lot of waste of time," the judge said, "because people whose credit card had expired, people who had no legitimate claim under this settlement, would come out of the wordwork unnecessarily and would have to be broomed off and it would not be helpful. I hear that argument. And I need to reflect on that."

Part of the cost debate brought out arguments over how TJX tries to identify some consumers who do not use loyalty cards. Wolkoff described TJX cashiers who periodically ask for a customer’s telephone number.

Wolkoff—who then volunteered that he "never" gives the cashier his phone number "in part because I have trouble remembering it"—said TJX then sends the number immediately to a company. "They attempt to, and don’t nearly always succeed, to make a match between the telephone number that you gave and the name and address," he said.

His point was that TJX has inconsistent contact information on a handful of impacted people, specifically the consumers who were asked to give their telephone number, who gave it and who were then identified. "So we’re getting into a subset of a subset of a subset (where) we have the names and addresses of those people," Wolkoff said.

In another development at the hearing, TJX Vice Chairman Donald Campbell, a 34-year TJX veteran, issued a sworn statement about the consumer impact on TJX after the breach. It’s interesting in that it’s the most explicit statement from TJX yet that consumers have gone out of their way to not punish TJX for the data breach.

"I understand that an issue was also raised at the hearing about past consumers who may now choose not to shop at TJX stores because of the intrusion. TJX prides itself on its particularly loyal customer base. TJX is thus fortunate to have continued to enjoy strong support from its loyal customers since the announcement of the intrusion," Campbell said in a sworn affidavit.

TJX’s "sales have increased each quarter since the intrusion was first reported and TJX has continued to meet or exceed its sales expectations in each quarter," Campbell said. "TJX’s foot traffic levels continue to be very high and our number of customer transactions continues to increase, indicating that there have been very few who choose no longer to shop at TJX because of the intrusion."


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.