The TJX Companies, Inc. Announces Settlement with Attorneys General Regarding 2005/2006 Cyber Intrusion(s); Cost Already Reflected in Previously Announced Reserve

FRAMINGHAM, Mass.--(BUSINESS WIRE)--The TJX Companies, Inc. (NYSE: TJX) today announced that it has settled with a multi-state group of 41 Attorneys General, resolving the States’ investigations relating to the criminal intrusion(s) into TJX’s computer system announced by TJX over two years ago. The cost for this settlement is already reflected in the reserve that TJX established in 2007.

Jeffrey Naylor, Chief Financial and Administrative Officer of The TJX Companies, Inc., stated, “This settlement furthers our goal of enhancing consumer protection, which has been central to TJX. Under this settlement, TJX and the Attorneys General have agreed to take leadership roles in exploring new technologies and approaches to solving the systemic problems in the U.S. payment card industry that continue to plague businesses and institutions and that make consumers in the United States worldwide targets for increasing cyber crime.”

Mr. Naylor continued, “The sheer number of attacks by cyber criminals demonstrates the challenges facing the U.S. payment card system in protecting sensitive consumer data. This settlement furthers TJX’s efforts to unite retailers, law enforcement, banks, and payment card companies to consider installing in the U.S. the proven card security measures that are already in use throughout much of the world.”

TJX firmly believes that it did not violate any consumer protection or data security laws. The decision to enter into this settlement reflects TJX’s desire to concentrate on its core business without distraction and to promote cyber security measures that will benefit all consumers.

Under the settlement, TJX has agreed to:

• Provide $2.5 million to establish a new Data Security Fund for use by the States to advance effective data security and technology;
• Provide a settlement amount of $5.5 million together with $1.75 million to cover expenses related to the States’ investigations;
• Certify that TJX’s computer system meets detailed data security requirements specified by the States; and
• Encourage the development of new technologies to address systemic vulnerabilities in the United States payment card system.

Despite TJX’s computer security being as good as or better than most other major U.S. retailers, international criminals attacked TJX’s computer network in 2005/2006. Following discovery of the breach in late 2006, TJX worked diligently with some of the world’s leading computer security firms and spent millions of dollars to further enhance its computer security. TJX also worked closely with federal law enforcement officials as they conducted an extensive international investigation of this complex crime. As previously reported, the Company’s efforts played a key role in bringing to justice the international ring of perpetrators who attacked TJX’s and many other companies’ systems. Eleven indictments were announced by the United States Attorney on August 5, 2008. To date, two of these indicted cyber criminals have pled guilty, and two other individuals have pled guilty to related charges on October 29, 2008 and April 28, 2009, respectively.

About The TJX Companies, Inc.

The TJX Companies, Inc. is the leading off-price retailer of apparel and home fashions in the U.S. and worldwide. The Company operates 882 T.J. Maxx, 811 Marshalls, 322 HomeGoods, and 141 A.J. Wright stores in the United States. In Canada, the Company operates 203 Winners, 75 HomeSense and 3 STYLESENSE stores, and in Europe, 242 T.K. Maxx and 8 HomeSense stores. TJX’s press releases and financial information are also available on the Internet at www.tjx.com. The Company routinely posts information that may be important to investors in the Investor Information section at www.tjx.com. The Company encourages investors to consult that section of its website regularly.

SAFE HARBOR STATEMENT UNDER THE PRIVATE SECURITIES LITIGATION REFORM ACT OF 1995: Various statements made in this release are forward-looking and involve a number of risks and uncertainties. All statements that address activities, events or developments that we intend, expect or believe may occur in the future are forward-looking statements. The following are some of the factors that could cause actual results to differ materially from the forward-looking statements: conditions of global economies and credit and financial markets; foreign currency exchange rates; execution of buying and inventory management; expansion of operations; identification of customer trends and preferences; fluctuation in results; risks of new market/category expansion; implementation of marketing, advertising and promotional programs; losses from and consequences of computer intrusion(s); seasonal influences; risks of operating a large, multi-division, multi-national business; unseasonable weather; competition; retention of personnel; acquisitions and divestitures; operation and implementation of information systems and technology; protection of data; level of cash flows generated; factors affecting consumer spending; merchandise quality and safety; import risks; risks of foreign operations; changes in law and regulations; outcomes of litigation and proceedings; risks of real estate ownership and leasing; stock price fluctuations and other factors that may be described in our filings with the Securities and Exchange Commission. We do not undertake to publicly update or revise our forward-looking statements even if experience or future changes make it clear that any projected results expressed or implied in such statements will not be realized.