by Meridith Levinson

TJX Takes $12 Million Hit in First Quarter for Data Breach

May 16, 20072 mins
Intrusion Detection Software

In spite of after-tax charge, the discount retailer manages to meet its financial plan for the quarter.

The TJX Companies, whose computer systems containing customer credit and debit card information had been hacked, said the impact of that data breach showed up in the discount retailer’s earnings for the first quarter. The company suffered an after-tax charge of $12 million, or 3 cents per share, due to the money the company has been shelling out to investigate and contain the breach, beef up its information security, communicate with customers and pay attorneys.

In spite of the intrusion, TJX managed to meet its financial plan for the quarter, according to the press release the Framingham, Mass.-based issued. Net sales increased six percent, to $4.1 billion from $3.8 billion the prior year. Same store sales, an important metric frequently used to determine a retailer’s health, nudged two percent over last year. Net income stayed roughly the same year over year at 34 cents per share and $162 million. It appears the breach didn’t slow sales, but its ongoing costs have affected the company’s earnings. See the company’s statement here.

TJX expects to incur more costs related to the intrusion in the second quarter and estimates them at 2 to 3 cents per share. Already, the Framingham, Mass.-based company had recorded a $3 million after-tax charge in the fourth quarter of its fiscal year 2007.

TJX announced on January 17, 2007 that its computer systems had been compromised. The affected systems process and store information related to customer transactions and contain information on customers’ credit cards, debit cards, checks, and merchandise they’d returned without receipts. The company discovered the data breach in mid-December 2006. The intrusions allegedly took place in 2005 and 2006. Customer information was stolen during these episodes, and TJX believes that such information comes from transactions that took place at its stores during the periods of 2003 to June 2004 and mid-May 2006 through mid-December 2006. CIO sister publication InfoWorld reported in March 2007 that stolen TJX customer data was used in a crime spree in Florida.

TJX operates T.J. Maxx, HomeGoods, A.J. Wright, Marshalls and Bob’s Stores.