General

Q: I received a letter/call from CB&T informing me that my information may have been breached, what do I need to do?
A: You have several options. First, you need to decide if you wish to replace your current card. CB&T offers two simple methods to replace your existing debit card. You can stop by any of our branch locations except Anchorage and Kroger Springhurst, and we can instantly issue you a new, personalized, ready to use Visa debit card. If this is not convenient for you, you can also call our Customer Service Center at 259-2000 (Louisville) or 633-1000 (Shelby County). Our customer service representatives are prepared to offer other accommodations to provide you with a new Visa debit card.
If you chose not to close your current card, we recommend that you carefully monitor your account activity and immediately notify us if you suspect fraudulent use. If you become aware of unauthorized transactions during non-business hours please call 1-866-840-2661 for debit card accounts, or 1-800-325-3678 for Credit Cards.
*ATM and Credit Card customers wishing to replace their cards must close their cards and have a new card mailed to them. This process generally takes 7-10 business days.

Q: What happened?
A: : TJX Companies, Inc; the parent company of T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores; suffered an unauthorized intrusion into its computer systems that store information related to customer transactions. It is believed that the intrusion first occurred in July 2005 and was stopped by mid-January 2006, but that no customer data was taken after December 18, 2006.
Additional information is available on TJX Companies website at www.TJX.com under ‘Important Customer Alert.’

Q: How much information was compromised?
A:A March 2007 release by the Company indicates that approximately 45.7 million separate payment cards and approximately 455,000 return transaction data were compromised. The intrusion involved the portion of TJX’s computer network that handles credit card, debit card, check and merchandise return transactions. Credit and debit card sales transactions made during 2003 and various subsequent periods through December 2006 in U.S., Puerto Rican, and Canadian stores was likely accessed in the intrusion.
TJX included a detailed analysis of the type of information believed to be compromised during various time periods on Page 7 of the March SEC 10-K filing available on their website www.TJX.com under Investor Relations/SEC filings.

Q: What type of information was compromised?
A: For the most part, Credit or Debit card number, expiration date, and some electronic security information not seen by the user was located on the portion of the TJX systems that was compromised. It is not believed that PIN data was compromised. Customer name and address information was not stored with this data.
Approximately 455,000 customer names, drivers' license, and address information was compromised as a result of transactions where merchandise was returned without receipts during September - December 2003 and May - June 2004. TJX sent letters to these customers directly and recommends that customers whose driver’s license number may have been compromised should immediately contact your local department of motor vehicles and ask them to put a fraud alert on your license. This alert will notify staff to any attempts to tamper with your driver’s license. Contact TJX if you have concerns related to this type of data; they have established a toll-free helpline 866-484-6978.

Q: How do I find out if my information was compromised as a part of this breach?
A: CCB&T has notified all customers with active accounts identified in the alerts released as a result of the TJX compromise investigation thus far. If you are concerned you may have missed our efforts to reach you, please contact our Customer Service Center at 259-2000 (Louisville) or 633-1000 (Shelby County).
CB&T does not have information related to accounts held with other institutions. We recommend that you contact the issuer of your accounts held at other institutions if you are concerned that such information may have been stored in the TJX systems.

Q: If my information was compromised, what does that mean?
A: Notification that your information was involved in the TJX system breach means that the investigation results indicate that your information was stored on the portion of the TJX system that may have been accessed in the unauthorized intrusion. This does not mean that your information has or will be used; but it does mean that there is an increased potential that your information could be used maliciously.

Q: What if I believe I wrote a check at one of these merchants?

A: TJX investigation thus far does not indicate that information obtained as a result of payment by check was compromised. As always, we recommend that you carefully review all of your account statements and immediately notify your bank if you suspect fraudulent use.

Level of Impact

Q: If one debit card attached to my checking account was compromised, should I close all cards attached to the checking account?
A: No, the information that was compromised is the information tied to a unique debit card. Your checking account number was not stored in the TJX system.

Q: If my debit card was compromised, should I close the checking account associated with the card?
A: No, A debit card is a unique number that merely grants access to your checking account. By closing the debit card, you have disabled future malicious attempts with this information.

Q: I received a letter informing me of a compromise on one account, should I close my other accounts?

A: No, unless you have reason to believe that other accounts have been compromised. CB&T has notified you of any of your accounts with CB&T that were included in the TJX breach as identified in their investigation. CB&T does not have knowledge of any information that may have been compromised on accounts held with other institutions. We recommend you contact the issuing Bank of your other cards if you are concerned of potential compromise of that data.

Information Security

Q: Am I at risk for identity theft as a result of this breach?
A: Most of the information potentially compromised does not include names, addresses, or social security numbers, which are important pieces of information needed to commit identity theft. It is always important to carefully review your financial statements promptly to ensure that any fraudulent activity is stopped quickly.
Remember CB&T will not send emails asking for personal information or call you to confirm your personal information. TJX has stated that they follow the same policy. Please use extreme caution before providing personal information via such methods.
* Customer names and drivers’ license information was compromised from transaction data where merchandise was returned without receipts. TJX sent letters to these customers directly, contact TJX if you have concerns related to this type of data. TJX has established a toll-free helpline 866-484-6978 A compromise of this nature would be cause for an increased risk of identity theft. Additional information on protecting your personal data is available here.

Q: What is CB&T doing to protect my information?
A: Please remember that although the information compromised as a part of the TJX system breach may involve your accounts held with CB&T, the information was not obtained in any way from any CB&T source. CB&T meets or exceeds all regulatory and industry standards for the ongoing protection of your information. For more information, our Privacy Statement is available here. Our Customer Service Center is available Monday through Friday, 8:00am to 5:00pm EST at 259-2000 (Louisville) or 633-1000 (Shelby County).

Q: What should I do if I suspect I may be a victim of Identity Theft?
A: If you believe your identity has been stolen, we recommend you notify a CB&T representative who can help you document the process and provide you with some additional resources. As always it is important to monitor your account statements for fraudulent transactions.
Additional identity theft information is available via FTC’s Identity Theft Hotline toll-free number is 1-877-IDTHEFT (1-877-438-4338) or you can visit their website.