Posted by: Robert Westervelt
data security breach, TJX
The message to those who have been watching TJX closely since its massive data breach: You can survive and even thrive following a massive breach.
Retailers have been struggling over the last year or so following a precipitous economic decline, layoffs and most Americans holding on to their wallets, buying items that are needed rather than wanted. But the Framingham, Mass.-based retailer has bucked the trend. It’s at the top of a short list of retailers reporting strong results – very strong results, reports the Boston Globe’s Steven Syre in a column today.
Syre’s column points out that TJX has had six – yes six – straight months that same-store sales were above results for the same period in the previous year.
That performance has created a boom in TJX shares this year. After a steep decline during the last five months of 2008, the company’s stock has soared 73% so far in 2009. Yesterday shares gained 92 cents to close at $35.75. The stock stands just $1.25 below its all-time high. … For now, TJX is the best story retailing has to sell.
The massive data breach in January, 2007 that exposed at least 45.7 million credit and debit card numbers to possible fraud is a distant memory. Other breaches, most notably the massive breach at Heartland Payment Systems, have removed TJX as the data breach poster child.
What does TJX have to show for its breach; it’s incredibly weak WiFi and its inability to detect an intrusion for months? Lawsuit settlements. Those settlements were likely paid out and buffered by their insurance policies. The latest settlement: $525,000 to settle a lawsuit by several financial institutions – AmeriFirst Bank, HarborOne Credit Union, SELCO Community Credit Union and Trustco Bank – is a drop in the bucket.
All the lawsuits appear to be getting settled out of court. And that usually benefits one side – the defendant. There was $9.75 million to settle a lawsuit brought on by attorneys generals from 41 states. Up to $40.9 million to cover costs related to the breach for Visa card issuers. How much was actually paid so far? We don’t know.
All in all, looking at one of the most massive breaches in history, it’s difficult to say that companies should spend millions on new technology to defend their data. Defense in depth? Yes. Security fundamentals? Yes. Millions on the latest and greatest security technology? That’s a hard sell.