Skip Navigation
Illinois Attorney General Lisa Madigan
Home | Careers | Press Room | Opinions | Español | Other Languages | Contact Us
 

June 23, 2009

MADIGAN, TJ MAXX REACH AGREEMENT TO ENSURE PROTECTION OF PERSONAL DATA FOLLOWING MASSIVE SECURITY BREACH

TJ Maxx Parent Company to Implement Comprehensive Data Security System

Chicago - Attorney General Lisa Madigan today announced an agreement with TJX Companies, Inc., parent company of several retail chains including TJ Maxx, to implement a robust information security program that will help guard against security breaches and protect consumers' personal information. The agreement is the result of a 41-state investigation into a massive security breach that TJX discovered in 2007 after unknown perpetrators had obtained thousands of TJX consumers' cardholder data. The new system will address a number of vulnerabilities and flaws in TJX's data security systems identified during the investigation by Madigan's office and the other Attorneys General.

"My office receives thousands of complaints each year from Illinois consumers who have experienced identity theft," Madigan said. "The preventative measures that TJX is implementing pursuant to this agreement will go a long way toward protecting consumers' personal information. It remains important, however, that consumers continue to take all necessary steps to ensure their personal information is safe."

As part of the agreement, TJX will install a comprehensive information security program that assesses internal and external risks to consumers' personal information. The company also will regularly monitor and test the program's effectiveness and report the results to the Attorneys General.

Under the agreement with Madigan's office and the other Attorneys General, TJX will:

  • Upgrade all Wired Equivalency Privacy ("WEP') based wireless systems in TJX retail stores to wired systems or Wi-Fi Protected Access ("WPA") wired systems;
  • Store credit card or debit card data on its network for only as long as necessary for legitimate business purposes;
  • Install firewalls and access controls to isolate the portion of the company's computer network that stores, processes or transmits personal information; and
  • Implement proper security password management for the portions of the TJX computer system that store, process or transmit personal information.

TJX also agreed to pay the states $9.75 million, of which Illinois will receive more than $440,000 for work programs to enforce the consumer protection laws and for programs to protect consumer data and provide consumer education. An estimated $2.5 million of the overall settlement will fund a Data Security Trust Fund to be used by the Attorneys General to advance enforcement efforts and policy development in the field of data security and personal information protection.

In addition to Illinois, the Attorneys General of the following states participated in the investigation and subsequent agreement: Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin, and the District of Columbia.

Madigan recommended that consumers take the following precautions to better protect themselves against identity theft:

  • Protect your mail. Know when your mail gets delivered and pick it up as soon as possible after delivery. If bills are late, contact your creditors.
  • Keep papers containing your personal information in a safe place, and shred them when they are no longer needed.
  • Protect your Social Security number. Leave your Social Security card in a safe place. Do not give out your Social Security number unless it is absolutely necessary. Do not have your Social Security number printed on your driver's license, and never write it on a personal check at a store.
  • Carry only the credit or debit cards you know you will need. When you use a credit or debit card, make sure you know where your card goes during the transaction and get it back immediately following the purchase. Always take receipts with you.
  • Protect your account numbers, passwords, and PIN numbers. Never write passwords or PIN numbers on the backs of cards or anything else you keep in your wallet.

For more information about identity theft and how consumers can protect their personal information, visit http://www.illinoisattorneygeneral.gov/consumers/consumer_publications.html#idtheft or call the Attorney General's Identity Theft Hotline at 1-866-999-5630.

Assistant Attorney General Christine Nielsen handled the case for Madigan's Consumer Fraud Bureau.

-30-

Return to June 2009 Press Releases

go to top of page

© 2010 Illinois Attorney General HomePrivacy Policy Contact Us