This excerpt taken from the TJX 10-K filed Mar 28, 2007.

We have expended and expect to expend significant time and money as a
result of the Computer Intrusion we suffered, and as a result of
the Computer Intrusion, we could incur material losses, and our
reputation and business could be materially harmed.

We suffered the Computer Intrusion in which we believe that
customer data were stolen. We are conducting an investigation of
the Computer Intrusion. To date, we have been able to identify
only some of the information that we believe was stolen.
Deletions in the ordinary course of business prior to discovery
of the Computer Intrusion and the technology used by the
Intruder have, to date, made it impossible for us to determine
much of the information we believe was stolen, and we believe
that we may never be able to identify much of that information.
Further, we cannot predict whether we will learn information in
addition to or different from the information that we now
believe about the Computer Intrusion and the data believed
stolen.

While we have been advised by law enforcement authorities that
they are investigating fraudulent use of payment card
information believed stolen from TJX, we do not know the extent
of any fraudulent use of such information. Some banks and
payment card companies have advised us that they have found what
they consider to be preliminary evidence of possible fraudulent
use of credit payment card information that may have been stolen
from us, but they have not shared with us the details of their
preliminary findings. We also do not know the extent of any
fraudulent use of any of the personal information believed
stolen. There could be significant fraudulent use of the
information believed stolen from us.

We have incurred capital and other costs to investigate and
contain the Computer Intrusion, strengthen our computer security
and systems, and communicate with customers, as well as legal,
technical and other fees, and we expect to continue to incur
significant costs for these purposes. Certain banks have sought,
and other banks and payment card companies may seek, either
directly against us or through claims against our acquiring
banks as to which we may have an indemnity obligation, payment
of or reimbursement for fraudulent card charges and operating
expenses (such as costs of replacing and/or
monitoring payment cards thought by them to have been placed at
risk by the Computer Intrusion) that they believe they have
incurred by reason of the Computer Intrusion. In addition,
payment card companies and associations may seek to impose fines
by reason of the Computer Intrusion.

Various litigation has been or may be filed, and various claims
have been or may be otherwise asserted, against us and/or our
acquiring banks for which we may be responsible, on behalf of
customers, banks, payment card companies
and shareholders seeking damages allegedly arising out of the
Computer Intrusion and other related relief. We intend to defend
such litigation and claims vigorously, although we cannot
predict the outcome of such litigation and claims. Various
governmental entities are investigating the Computer Intrusion,
and although we are cooperating in such investigations, we may
be subject to fines or other obligations. We cannot predict what
actions such governmental entities will take and what the
consequences will be for us. The ultimate resolution of such
litigation, claims and investigations could have a material
adverse effect on our results of operations and financial
condition. Regardless of the merits and ultimate outcome of
these matters, litigation and proceedings of this type are
expensive to respond to and defend, and we could devote
substantial resources and time to responding to and defending
them.

Beyond the charge we took in the fourth quarter of fiscal 2007,
we do not have enough information to reasonably estimate losses
we may incur arising from the Computer Intrusion. These losses
may include losses arising out of claims by payment card
companies and banks, customers, shareholders and governmental
entities; technical, legal, computer system and other expenses;
and other potential liabilities, costs and expenses. Such losses
could be material to our results of operations and financial
condition. Further, the publicity associated with the Computer
Intrusion could materially harm our business and relationships
with customers.

Since discovering the Computer Intrusion, we have taken steps
designed to strengthen the security of our computer systems and
protocols and have instituted an ongoing program to continue to
do so. Nevertheless, there can be no assurance that we will not
suffer a future data compromise. We rely on commercially
available systems, software, tools and monitoring to provide
security for processing, transmission and storage of
confidential customer information, such as payment card and
personal information. We believe that the Intruder had access to
the decryption algorithm for the encryption software we utilize.
Further, the systems currently used for transmission and
approval of payment card transactions, and the technology
utilized in payment cards themselves, all of which can put
payment card data at risk, are determined and controlled by the
payment card industry, not by us. Improper activities by third
parties, advances in computer and software capabilities and
encryption technology, new tools and discoveries and other
events or developments may facilitate or result in a further
compromise or breach of our computer systems. Any such further
compromises or breaches could cause interruptions in our
operations, damage to our reputation and customers'
willingness to shop in our stores and subject us to additional
costs and liabilities.