TJ Maxx, Subsidiaries Hacked For Consumer Information

HARTFORD ­— Attorney General Richard Blumenthal said this week that consumers who have shopped at T.J. Maxx, Marshall’s, HomeGoods, and A.J. Wright should closely monitor their financial statements and credit reports following the recent theft of consumers’ private information. He cited an ongoing investigation by his office, along with other states, into violations of consumer protection laws.

TJX Companies, Inc (TJX), operator of TJ Maxx, Marshall’s, HomeGoods, and A.J. Wright stores, recently reported that its computer systems were hacked late last year, and that customer data was stolen. Company officials said the hackers broke into a system that handles credit, debit card, and check transactions, as well as merchandise returns for customers nationwide.

TJX recently notified nearly 18,000 Connecticut consumers whose personal identification information (driver’s license, military identification, and state identification cards) may have been compromised and encouraged them to contact the Department of Motor Vehicles (DMV) to ensure their identities are not stolen.

For better protection, Connecticut licenses and identification cards — unlike other states — are assigned a unique identifying number, rather than the cardholder’s social security number. However, Mr Blumenthal recommended several steps consumers should take or consider to protect against identity theft.

“We are vigorously investigating this massive security breach — irrevocably impacting millions of TJX consumers,” Mr Blumenthal said. “We will examine whether consumer protection law violations occurred — and what protections TJX has implemented to prevent future security breaches. This gross security failure now requires consumer action to protect against indefinite threat of theft — placing fraud alerts and vigilantly monitoring credit.

“In an era when debits replace dollars in purchases, companies have a moral and legal obligation to protect consumers’ personal, private information.”

Consumers who believe their identity has been stolen or their accounts or information compromised, should take the following steps:

*Consider contacting any one of the following credit bureaus and ask that it place a fraud alert on your credit report:

*Equifax: 800-525-6285; www.equifax.com; PO Box 740250, Atlanta GA 30374;

*Experian: 888-EXPERIAN (397-3742); www.experian.com; PO Box 1017, Allen TX 75013; and

*TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, PO Box 6790, Fullerton CA 92634.

Once one of these companies is contacted it will then contact the others. The initial alert is valid for only 90 days and an identity theft report must be filed with each credit bureau in order to obtain an extended, seven-year alert.

Consumers should also request a free copy of their credit report to determine if the information in their credit report is accurate. To order a free annual report from one or all the national consumer reporting companies, visit www.annualcreditreport.com or call toll-free 877-322-8228

*Immediately contact the fraud department of each business or financial institution with which they have an account that has — or could have been — tampered with or opened fraudulently. Consumers should close all accounts that have been tampered with, and dispute in writing all suspicious transactions. Follow up with each company in writing.

*Contact local police and get a copy of the police report, because it may be requested by some companies or agencies investigating the theft or fraudulent use of personal information. Under state law, identity theft is a Class D Felony, punishable by one to five years in prison and a fine.

*Consider contacting each credit bureau to request a “Security Freeze” on your credit report. Identity thieves often try to open new credit accounts in a victim’s name, and merely placing a “Fraud Alert” on an account does not block new credit cards from being issued.

A “Security Freeze” prohibits credit bureaus from releasing a consumer’s credit report or any information without their the consumer’s authorization. The request must be made in writing by certified mail to each credit bureau (addresses below), upon which, the credit bureau must place the security freeze not later than five business days after receipt of the request.

Within ten days after placing a security freeze on a consumer account, the credit bureau will provide the consumer with written confirmation of the security freeze and a unique personal identification number, which the consumer will need if they wish to lift the freeze for a particular third party or for a period of time. Credit bureaus may charge a fee of $10 to initiate a freeze and $12 to temporarily lift a freeze; consumers may have the freeze temporarily or permanently removed at any time.

*Consumers should file a complaint with the Federal Trade Commission online at www.consumer.gov/idtheft, by phone at 877-IDTHEFT (877-438-4338), or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.

For additional information on identity theft, visit the following websites:

Department of Justice: www.usdoj.gov/criminal/fraud/idtheft.html

FDIC: www.fdic.gov/consumers/consumer/ccc/theft.html

Postal Inspectors: www.usps.com/postalinspectors/idthft_ncpw.html

*State law entitles consumers to require credit rating agencies to block and not report information appearing on their credit report to inquiring companies as a result of an identity theft crime. The consumer must submit the request in writing and include proof of identity and a copy of the police report of the crime.

*Identity theft victims may bring a civil action against an identity thief to recover damages.

*To speak with TJX directly, the company has set up a special toll-free number to respond to consumer inquiries: 866-430-0275.