The following articles are from the Boston Globe and concern TJX's recent security breach which compromised millions of TJX's customers' personal data. The first article was published last week, on January 26, and chastised TJX CEO Ben Cammarata for his lack of response to the incident. The article compares TJX's response to that of Tylenol's notable response to the cyanide incident and mentions that TJX's brand names might be adversely impacted. As the author writes, "This is retailing we're talking about, the most Darwinian of businesses, where only the strongest survive. If I can't trust the Marshalls brand, why not go to Target?". The second article mentions some of the tactics taken by TJX within the past few days to respond to directly to its customers, such as taking out full-page ads in several newspapers and posting a video on the TJX website.
What do you think- is it too late for TJX to repair the damage done to its brands? Does TJX really care about its customers, or is the company just responding to pressure from the media?
Elephants don't dance
By Steve Bailey, Globe Columnist January 26, 2007
TJX is no Johnson & Johnson. And right now Ben Cammarata is looking like no James Burke.
A quarter of a century after the bold decision by Burke, then chairman of Johnson & Johnson, to pull 31 million bottles of Tylenol capsules off the shelves remains the gold standard in corporate crisis-management. Seven people died from Tylenol laced with cyanide, and the Madison Avenue crowd was saying one of the world's best brands would never recover.
Burke succeeded by putting the customer first. Going against the advice of government agents and his own executives, Burke ordered a massive recall, which cost the company $50 million after taxes. Rather than hunkering down, Burke went on "60 Minutes" to explain what happened and dedicated the firm to the investigation. When Tylenol returned to the stores, it was in new triple-sealed packages and J&J gave away 80 million $2.50 coupons redeemable toward any Tylenol product.
The result: Tylenol regained more than 80 percent of its market share within a year. You'll find
it in my medicine cabinet today.
The crisis that has engulfed TJX is not about life and death. But it is about consumer trust. This is retailing we're talking about, the most Darwinian of businesses, where only the strongest survive. If I can't trust the Marshalls brand, why not go to Target?
Millions of credit and debit cards may have been exposed by a security breach at Framingham-based TJX in what could become the nation's largest case of stolen consumer data. In the first line of its first public disclosure about the breach, TJX said it was "victimized by computer systems intrusion." Wrong. It is TJX's customers who were victimized by the criminals and TJX itself.
There is plenty of blame to go around. It is not news that identify theft and credit card fraud are problems, but government -- federal and state -- has been slow to act. The credit card companies and the banks have been noisy in pointing the finger at TJX -- no small irony from an industry that stuffs our mailboxes every day with yet another low-low credit offer.
But this particular problem belongs first to TJX. It was TJX that left a window open and let the bad guys sneak in and make off with its customers' credit data. What about it, Ben Cammarata? Did you wait a month to tell your customers because the cops asked you to or because you were in the middle of the Christmas selling season? Why are you still "considering" whether to offer free credit monitoring to customers? Why have customers who had their license numbers stolen not gotten so much as a letter from you?
Debra Gibbons of Needham, a long-time TJX shopper, wants to know. She got a call from her credit card company saying her account was on fraud alert. Said Gibbons: "To close the account or not to close the account, that was the question. I closed the account . . . TJX owes the public something more than lip service. We want answers and we want them now."
Cammarata is a world-class retailer who preaches the value of "sweaty palms" -- that is, always sweating the suppliers until the last minute for the best prices. But as a leader amid one of the company's worst crises, he has been invisible. If TJX were a different kind of company and Cammarata a different kind of leader, company and chairman could become the champion for the need to do something about identify theft and credit card theft. But then elephants don't break dance, either.
Now it is TJX's customers doing the sweating. Repeat after me, Chairman Cammarata: The victim is the customer, not the company. The victim is the customer, not the company. If TJX takes care of its customers, the customers will take care of TJX. If not, there is always Target.
Steve Bailey is a Globe columnist. He can be reached at bailey@globe.com or at 617-929-2902.
TJX faces class action lawsuit in data breach
Firm won't offer credit monitoring, CEO says in video
By Jenn Abelson, Globe Staff January 30, 2007
A class action lawsuit was filed yesterday in US District Court in Boston accusing TJX Cos. of negligence for failing to maintain adequate security of customer credit and debit card data and not disclosing the breach for a month.
The suit was filed on behalf of Paula G. Mace of Horner, W.Va., who had her debit card information stolen from the company's computer system. It is seeking credit monitoring services and any damages incurred by affected customers, according to Jonathan Shapiro , a partner with Stern Shapiro Weissberg & Garin of Boston, one of two firms that brought the case.
"Because of TJX's actions, hundreds of thousands or even millions of its customers have had their personal financial information compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages," according to the suit.
Both Mace and Sherry Lang, a TJX spokeswoman, would not discuss the case.
The lawsuit came as TJX chairman Ben Cammarata spoke out yesterday for the first time since the Framingham discounter disclosed on Jan. 17 that a hacker stole customers' personal data from its computer system dating as far back as 2003. TJX, which last week was considering offering credit monitoring for customers whose personal data was compromised, yesterday said it would not provide that service.
"Based on the type of data involved in the breach of our systems, we don't believe that such monitoring will be meaningful to customers," Cammarata said in a seven-minute video posted on TJX's website.
The chairman, in the video and full-page advertisements in several New England newspapers, also tried to clarify why the company waited more than a month to talk about the incident.
Banking officials and retail consultants have estimated that millions of customers could be affected in what may be the biggest loss of customer data in US history.
Cammarata sought to reassure customers that it's safe to shop at TJX's more than 2,500 stores, including T.J. Maxx, Marshalls, and HomeGoods.
"By delaying a public announcement, with the help of top computer security experts, we were able to contain the problem and further strengthen our computer network to prevent further intrusion," Cammarata wrote in a full-page advertisement that appeared in the Boston Sunday Globe. "Therefore, we believe that we were acting in the best interest of our customers."
Cammarata also said the company now believes that customer transactions at Bob's Stores, and transactions using debit cards issued by Canadian banks, were not compromised in the breach.
Still, some consumers and crisis communications executives said Cammerata's comments are not only late but inadequate, and criticized TJX for refusing to disclose how many customers were affected and for leaving too many other questions unanswered. TJX has not said how many customers have been affected, but the Massachusetts Bankers Association has already reported credit- and debit-card fraud connected to the breach for unauthorized purchases made from Florida to Hong Kong. So far banks have reissued hundreds of thousands of cards.
Some security experts also challenged Cammarata's video statement yesterday that it would be extremely unlikely for thieves to commit identity fraud with the information that was stolen in this incident. Besides card numbers, TJX has said that a small number of customers' driver's license numbers, names, and addresses may also have been taken.
Steven D. Bearak , chief executive of Identity Force, a Framingham identity-theft-solutions company, said thieves who have only credit or debit card numbers can steal identities by combining them with other information, such as names, addresses, and Social Security numbers sold or traded on the black market, to piece together what he calls a "synthetic identity."
And while credit monitoring typically only watches for new credit lines opened in someone's name, Bearak said, credit-card monitoring services can be useful to detect potentially fraudulent charges on individual credit or debit accounts.
"Customers are at a high risk. This was an intentional, malicious intrusion into TJX's system," Bearak said. "This appears to have been an attack, well thought out, well planned, and well executed."
Separately, TJX also disclosed yesterday in a regulatory filing that TJX group president Alexander Smith resigned, and that Gary Crittenden, chief financial officer of American Express Co., stepped down from TJX's board.
TJX spokeswoman Lang said Smith left for an opportunity with another retailer. When asked whether Crittenden's resignation was connected to the security breach, Lang said the company doesn't comment on resignations of directors.
The changes come as TJX president Carol Meyrowitz assumed the chief executive's post on Sunday, as planned. Cammarata had been acting as chief executive and will remain chairman.
Jenn Abelson can be reached at abelson@globe.com.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment