Climbing Claim Costs at TJX Underscore Need for Privacy and Security Coverages

Update:  Banks announce plans to file class action lawsuit against TJX for the security breach.

The security breach at TJX Companies indeed appears to be headed toward being one of the worst in history – and not just from a risk exposure standpoint. It serves as an example of how many problems a computer hacking incident can cause.

Discovered last December, the breach already has generated 18 putative class actions in the United States and Canada against the company and its holdings on behalf of persons whose information was leaked. The first of those actions was filed just two days after the company publicly announced that it had discovered its systems had been compromised and sensitive personal information of customers had been taken.

A recent 10-K filing by the company also disclosed a putative class action filed on behalf of all financial institutions that issued credit and/or debit cards to customers who had used their cards at TJX stores. And a major shareholder has filed a lawsuit to obtain information about the incident.

On top of that, about 30 U.S. state attorneys general are investigating whether the computer intrusion may have violated consumer protection laws. The U.S. Federal Trade Commission is also investigating. In Canada, inquiries are underway by the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner of Alberta and the Office of the Information and Privacy Commissioner of British Columbia.

The company initially set aside $5 million to pay for costs arising from the intrusion. That undoubtedly will turn out to be a mere fraction of the expenses and damages that will be incurred as a result of the hacking incident.

The company now reports that 45.6 million credit and debit card numbers were stolen from its systems, and reports indicate that is the largest loss of personal information in history. Florida law enforcement officials have identified at least 10 people in connection with a scheme to use the stolen financial information to purchase Wal-Mart gift cards then redeem the gift cards at other locations. At last reports, losses from that scheme totaled more than $8 million, and the number was still climbing.