FRAMINGHAM – A class action lawsuit was filed yesterday in U.S. District Court in Boston against the TJX Cos., the same day the discount retailer confronting a data breach disclosed the departure of a director and provided additional information about an ongoing investigation.
Two law firms, including Stern Shapiro Weissberg & Garin LLP of Boston, yesterday filed an 11-page complaint against the Framingham company, which announced earlier this month someone broke into its computer system last year and stole credit and debit card numbers.
The lawsuit, filed on behalf of Paula G. Mace of West Virginia, alleges TJX failed to maintain adequate computer data security, which resulted in the exposure of millions of customers’ personal financial information. The company’s actions put customers at risk for fraud and identity theft and other damages, according to the complaint.
The lawsuit was filed the same the day the company took a more public role in discussing the data breach, which TJX disclosed Jan. 17. The company also said yesterday that Gary L. Crittenden resigned as a director on Wednesday. Mr. Crittenden, who is also a director at Framingham-based Staples Inc., is executive vice president and chief financial officer at American Express Co.
TJX spokeswoman Sherry Lang could not be reached for comment. She told Bloomberg News the company doesn’t comment on director resignations.
In a video message and memo posted yesterday on the company’s Web site, www.tjx.com, company officials said they waited a month to disclose the mid-December data breach to contain the problem and strengthen the company’s computer network.
TJX purchased a full-page advertisement in the Sunday Telegram and posted updated information on its Web site yesterday, including a 7-1/2 minute video from founder and Chairman Ben Cammarata.
“I regret any difficulties our customers may experience because of this incident,” Mr. Cammarata said while standing in an empty TJX store. “We want our customers to feel safe shopping in our stores and I really believe you are.”
The company said its investigation has determined that customer transactions at its Bob’s Stores were not involved in the data breach and that debit cards issued by Canadian banks also were not affected.
He said TJX has decided not to pay for any credit monitoring because such a service doesn’t detect fraud on debit or credit cards. He also said identity theft as a result of the data breach is unlikely because the vast majority of the stolen information did not include names or addresses. He reminded customers to be wary of potential scams as a result of the data breach. Customers should not provide any personal information about their bank accounts to anyone who might contact them by phone or e-mail, he said.
Contact business reporter Bob Keivra by e-mail at email@example.com.