TJ Maxx 2006 Annual Report Download - page 24

Download and view the complete annual report

Please find page 24 of the 2006 TJ Maxx annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 100

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100

approximately 100 files stolen in 2006 could have included the data that we believe were stolen in 2005, as well as other
data relative to some customer transactions from December 31, 2002 through mid-May 2006, although, with respect to
transactions after September 2, 2003 generally without track 2 data, and, with respect to transactions after April 7, 2004,
generally with all data encrypted.
In addition, as previously publicly reported, we suspect that customer data for payment card transactions at T.K.
Maxx stores in the U.K. and Ireland has been stolen. In that regard, we now believe that at least two files of the
approximately 100 files identified above that the Intruder stole from the Framingham system in 2006 were created by the
Intruder and moved from the Watford system to the Framingham system. We suspect that these files contained payment
card transaction data, some or all of which could have been unencrypted and unmasked. However, due to the
technology utilized by the Intruder in the Computer Intrusion, we are unable to determine the nature or extent of
information included in these files. Further, the technology utilized by the Intruder in the Computer Intrusion during
2006 on the Watford system could also have enabled the Intruder to steal payment card data from the Watford system
during the payment card issuer’s approval process, in which data (including the track 2 data) are transmitted to payment
card issuer’s without encryption.
We have provided extensive payment card transaction information to the banks and payment card companies
with which we contract as requested by them. While we have been advised by law enforcement authorities that they are
investigating fraudulent use of payment card information believed stolen from TJX, we do not know the extent of any
fraudulent use of such information. Some banks and payment card companies have advised us that they have found
what they consider to be preliminary evidence of possible fraudulent use of payment card information that may have
been stolen from us, but they have not shared with us the details of their preliminary findings. We also do not know the
extent of any fraudulent use of any of the personal information believed stolen. Certain banks have sought, and other
banks and payment card companies may seek, either directly against us or through claims against our acquiring banks as
to which we may have an indemnity obligation, payment of or reimbursement for fraudulent card charges and operating
expenses (such as costs of replacing and/or monitoring payment cards thought by them to have been placed at risk by
the Computer Intrusion) that they believe they have incurred by reason of the Computer Intrusion. In addition,
payment card companies and associations may seek to impose fines by reason of the Computer Intrusion.
Financial Costs.
In the fourth quarter of fiscal 2007, we recorded a pre-tax charge of approximately $5 million,
or $.01 per share, for costs incurred through the fourth quarter in connection with the Computer Intrusion, which
includes costs incurred to investigate and contain the Computer Intrusion, strengthen computer security and systems,
and communicate with customers, as well as technical, legal, and other fees. Beyond this charge, we do not have enough
information to reasonably estimate losses we may incur arising from the Computer Intrusion. Various litigation has
been or may be filed, and various claims have been or may be otherwise asserted, against us and/or our acquiring banks,
on behalf of customers, banks, and/or card companies seeking damages allegedly arising out of the Computer Intrusion
and other related relief. We intend to defend such litigation and claims vigorously, although we cannot predict the
outcome of such litigation and claims. Various governmental entities are investigating the Computer Intrusion, and
although we are cooperating in such investigations, we may be subject to fines or other obligations. (See Item 3 with
respect to litigation and investigations.) Losses that we may incur as a result of the Computer Intrusion include losses
arising out of claims by payment card associations and banks, customers, shareholders, governmental entities and
others; technical, legal, computer systems and other expenses; and other potential liabilities, costs and expenses. Such
losses could be material to our results of operation and financial condition.
Future Actions.
We are continuing our forensic investigation of the Computer Intrusion and our ongoing
program to strengthen and protect our computer systems. We are continuing to communicate with our customers about
the Computer Intrusion. We are continuing to cooperate with law enforcement in its investigation of these crimes and
with the payment card companies and associations and our acquiring banks. We are also continuing to cooperate with
governmental agencies in their investigations of the Computer Intrusion. We are vigorously defending the litigation and
claims asserted against us with respect to the Computer Intrusion.
Other Information
EMPLOYEES
At January 27, 2007, we had approximately 125,000 employees, many of whom work less than 40 hours per week.
In addition, we hire temporary employees during the peak back-to-school and holiday seasons.
10