TJ Maxxed Out
TJX, the parent company of TJ Maxx, revealed in its most recent SEC filing that hackers may have stolen more than 40 million credit card numbers of customers.
Bad things happen to good companies. At the same time, they cannot hide behind the bad news.
The company learned about the security breach last December and promptly began working with law enforcement. It disclosed the breach when law enforcement officials said doing so would not jeopardize the investigation. This was the right course of action.
The latest disclosure, however, is disturbing.
Mistake No. 1: An SEC filing is no way to share bad news with customers, especially something as personal and worrisome as identify theft.
Mistake No. 2: The complete absence of the CEO Carol Meyrowitz. She should be meeting with reporters to apologize to customers for the error, explain the next steps, and tell customers how they can get help. So far, that doesn’t seem to be the case.
Security analysts estimate the breach could cost TJX $1.5 billion to fix. The loss of goodwill will be infinitely larger for every day the company buries its head in the sand.
Related posts: