Press Release

The TJX Companies, Inc. Victimized by Computer Systems Intrusion; Provides Information to Help Protect Customers

FRAMINGHAM, Mass.--(BUSINESS WIRE)--Jan. 17, 2007--The TJX Companies, Inc. (NYSE:TJX) today announced that it has suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions. While TJX has specifically identified some customer information that has been stolen from its systems, the full extent of the theft and affected customers is not yet known. This intrusion involves the portion of TJX's computer network that handles credit card, debit card, check, and merchandise return transactions for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada, and may involve customers of its T.K. Maxx stores in the U.K. and Ireland. The intrusion could also extend to TJX's Bob's Stores in the U.S. The Company immediately alerted law enforcement authorities of the crime and is working closely with them to help identify those responsible. TJX is also cooperating with credit and debit card issuers and providing them with information on the intrusion.

TJX is conducting a full investigation of the intrusion with the assistance of several leading computer security and incident response firms and is seeking to determine what customer information may have been compromised. The Company is committed to providing its customers with more information when it becomes available.

With the help of leading computer security experts, TJX has significantly strengthened the security of its computer systems. While no computer security can completely guarantee the safety of data, these experts have confirmed that the containment plan adopted by TJX is appropriate to prevent future intrusions and to protect the safety of credit card, debit card and other customer transactions in its stores.

Ben Cammarata, Chairman and Acting Chief Executive Officer of The TJX Companies, Inc., stated, "We are deeply concerned about this event and the difficulties it may cause our customers. Since discovering this crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems and we believe customers should feel safe shopping in our stores. Our first concern is the potential impact of this crime on our customers, and we strongly recommend that they carefully review their credit card and debit card statements and other account information for unauthorized use. We want to assure our customers that this issue has the highest priority at TJX."

    Important Information for Customers

    --  TJX has established a special helpline for its customers who
        have questions about this situation. Customers may reach the
        helpline toll-free at 866-484-6978 in the United States,
        866-903-1408 in Canada, and 0800 77 90 15 in the United
        Kingdom and Ireland.

    --  TJX will also provide information for customers on its
        website,, including tips on preventing credit and
        debit card fraud and other steps customers may take to protect
        their personal information.

    --  TJX strongly recommends that customers carefully review their
        account statements and immediately notify their credit or
        debit card company or bank if they suspect fraudulent use.

    Actions Taken By TJX

    --  Upon discovery of the intrusion in mid-December, 2006, TJX
        immediately notified and began working closely with law
        enforcement authorities, including the United States
        Department of Justice and Secret Service and the Royal
        Canadian Mounted Police. The Company has coordinated its
        actions with these authorities and provided all assistance
        requested to seek to identify the criminals responsible for
        this incident. TJX maintained the confidentiality of this
        intrusion as requested by law enforcement.

    --  The Company immediately engaged General Dynamics Corporation
        and IBM Corporation, two leading computer security and
        incident response firms. TJX has been working aggressively
        with these firms to monitor and evaluate the intrusion, assess
        possible data compromise, and seek to identify affected
        information. These firms have assisted TJX in further securing
        its computer systems and implementing security upgrades.

    --  TJX promptly notified and began working closely with the major
        credit card companies (American Express, Discover, MasterCard
        and VISA) and entities that process our customers'
        transactions. The Company has been providing them information
        including all requested credit and debit card information.

    Information About the Intrusion

Through its investigation, TJX has learned the following with respect to the intrusion:

    --  An unauthorized intruder accessed TJX's computer systems that
        process and store information related to customer transactions
        for its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores
        in the U.S. and Puerto Rico and its Winners and HomeSense
        stores in Canada.

    --  The Company is concerned that the intrusion may extend to the
        computer systems that process and store information related to
        customer transactions for T.K. Maxx in the U.K. and Ireland,
        although TJX's investigation has not yet been able to confirm
        any such intrusion. It is possible that the intrusion may
        extend to Bob's Stores.

    --  Portions of the information stored in the affected part of
        TJX's network regarding credit and debit card sales
        transactions in TJX's stores (excluding Bob's Stores) in the
        U.S., Canada, and Puerto Rico during 2003, as well as such
        information for these stores for the period from mid-May
        through December, 2006 may have been accessed in the
        intrusion. TJX has provided the credit card companies and
        issuing banks with information on these and other

    --  To date, TJX has been able to specifically identify a limited
        number of credit card and debit card holders whose information
        was removed from its system and is providing this information
        to the credit card companies. In addition, TJX has been able
        to specifically identify a relatively small number of customer
        names with related drivers' license numbers that were also
        removed from its system, and TJX is contacting these
        individuals directly.

    --  TJX is continuing its investigation seeking to determine
        whether additional customer information may have been
        compromised. TJX does not know if it will be able to identify
        additional information of specific customers that may have
        been taken.

The Company does not yet have enough information to estimate the extent of the financial cost it will incur as a result of this situation, and does not expect to be able to quantify the estimated financial impact of this issue at the time TJX announces January 2007 sales.

The TJX Companies, Inc. is the leading off-price retailer of apparel and home fashions in the U.S. and worldwide. The Company operates 826 T.J. Maxx, 751 Marshalls, 271 HomeGoods, and 162 A.J. Wright stores, as well as 36 Bob's Stores, in the United States. In Canada, the Company operates 184 Winners and 68 HomeSense stores, and in Europe, 212 T.K. Maxx stores. TJX's press releases and financial information are also available on the Internet at

SAFE HARBOR STATEMENTS UNDER THE PRIVATE SECURITIES LITIGATION REFORM ACT OF 1995: Various statements made in this release are forward-looking and involve a number of risks and uncertainties. All statements that address activities, events or developments that we intend, expect or believe may occur in the future, including projections of earnings per share and same store sales, are forward-looking statements. The following are some of the factors that could cause actual results to differ materially from the forward-looking statements: the results and effects of the intrusion into our computer system including the outcome of our investigation, the extent of customer information compromised and consequences to our business including effects on sales and liabilities and costs in connection with this intrusion; our ability to successfully expand our store base and increase same store sales; risks of expansion and costs of contraction; our ability to successfully implement our opportunistic inventory strategies and to effectively manage our inventories; successful advertising and promotion; consumer confidence, demand, spending habits and buying preferences; effects of unseasonable weather; competitive factors; factors affecting availability of store and distribution center locations on suitable terms; factors affecting our recruitment and employment of associates; factors affecting expenses; success of our acquisition and divestiture activities; our ability to successfully implement technologies and systems and protect data; our ability to continue to generate adequate cash flows; availability and cost of financing; general economic conditions, including gasoline prices; potential disruptions due to wars, natural disasters and other events beyond our control; changes in currency and exchange rates; import risks; adverse outcomes for any significant litigation; changes in laws and regulations and accounting rules and principles; adequacy of reserves; closing adjustments; effectiveness of internal controls; and other factors that may be described in our filings with the Securities and Exchange Commission. We do not undertake to publicly update or revise our forward-looking statements even if experience or future changes make it clear that any projected results expressed or implied in such statements will not be realized.

    CONTACT: The TJX Companies, Inc.
             Sherry Lang, Vice President
             Investor and Public Relations
             (508) 390-2323

    SOURCE: The TJX Companies, Inc.