They set aside a whole $2.60 per affected customer to resolve any outstanding issues of identity theft or credit card compromise. Recently, they proposed actually paying customers for the time involved in resolving the issues they created - as long as your time is only worth $10 per hour and you don't spend more than 3 hours resolving your issues.
But, wait! There's more! In addition, they also propose to have a 15% off sale for three whole days. That means you get the honor of using your $30 voucher to buy a whole $34.50 worth of merchandise... at their store. Basically, their attitude seems to be "Hey, sorry we were negligent and your identity was stolen, forcing you to spend hours with banks and merchants getting accounts frozen, charges reversed and cards re-issued, but here is a free shirt. We're cool now, right?"
I wasn't affected, but if I were, I would not agree to $30 as just compensation for the damages, not even if they also throw a 15% off sale in my honor. If I were affected, and if I were considering their "offer", I would definitely reject it given the recent news that their web site remains vulnerable.
Despite the claim from President and CEO Carol Meyrowitz in her Important Customer Alert that "We remain committed to providing our customers a safe shopping environment as you shop for great values, fashion and brands. TJX has been working diligently with some of the world's best computer security firms to further enhance our computer security," an XSS (cross-site scripting) flaw was discovered on their web site.
The ha.ckers.org web site posted information about the XSS flaw, along with a link to run a test exploit. Cross-site scripting vulnerabilities are unfortunately common on web sites, but a corporation that is rebounding from the biggest data security breach to date and making claims to be diligently improving security should not fall victim so easily to such a trivial attack.
