Security Watch | Matt Hines » What we're (not) learning from TJX

August 15, 2007 | Comments: (0)

What we're (not) learning from TJX

TAGS: Security

When TJX companies first reported its massive data breach at the beginning of this year, many financial and industry analysts predicted that customers would provide the most painful form of punishment for the misdeed and simply do their shopping elsewhere.

Once again, the so-called experts appear to have been wrong.

Beyond the harsh financial penalties that regulators, lawmakers and business partners would deliver upon companies such as TJX, we were told, the sound of customers' feet marching out of the retailer's stores would be the most painful result of the incident.

As we found out yesterday when the company reported its second quarter earnings -- that simply has not been the case.

While TJX has upped the overall expense of handling the systems intrusion -- believed to be initiated by a war driving wireless hack of its point-of-sale systems -- to a total of approximately $215.9 million -- including the cost of carrying out a painstaking forensic investigation, providing credit monitoring services to affected consumers, and paying off and legal defense fees and other fines -- its core business remains massively profitable.

In a time when many retailers are reporting soft numbers by industry estimates -- including industry bellwether Wal-Mart -- TJX reported on Tuesday that in-store sales and profit margins are on the rise and its management upped their expectations for the company's earnings-per-share for the year.

The implicit lesson has to be that consumers are either oblivious to the whole cycle of news reports and research being produced about the nature of corporate information leakage and its relation to identity theft (which has actually come under question), or that they simply feel there's nothing they can do about it, so why change their lifestyles to deal with the issue.

The companies that have to be the most upset are the credit card issuers and banks that have been forced, thus far, to eat the costs of sending out new cards to customers who may be among the estimated 46 million people whose information may have been stolen by the hackers -- but it remains to be seen how much money they're going to get from TJX by suing the firm over the incident.

At the same time, TJX is still ringing up heavy sales, and a lot of those transactions are likely being carried out using credit and debit cards, so, that has to make the banks and issuers happy on some level.

So who wins, and who loses most, is the biggest question in the end with this type of scenario. I'm sure TJX would like to have their $215.9 million back, along with their reputation as a trustworthy company, but as usual, it appears the little guy -- the one who gets their ID stolen based on the incident -- is the one who gets stuck -- not that they seem to care.

Posted by Matt Hines on August 15, 2007 03:31 PM

RATE THIS ARTICLE: