Retail giant TJX Cos. has agreed to pay $9.75 million to 41 states to settle an investigation of a massive data breach that jeopardized millions of payment card numbers. TJX, the parent company of the T.J. Maxx and Marshalls discount clothing chains, will pay $7.25 million in settlement and investigation costs. In addition, $2.5 million will go to create a data security fund for those states.
In January 2007, TJX disclosed that hackers had tapped into its computer systems, which stored about 50 million customers’ credit and debit card numbers. The breach wasn’t detected for more than a year. The company emphasized in a news release that it “firmly believes it did not violate any consumer protection or data security laws.” California Attorney General Jerry Brown had a different take, citing TJX’s 2004 internal audit, which found security vulnerabilities. The Attorney General had this to say:
TJX ignored flaws in its credit card database, until hackers broke into it, gaining access to the personal information of almost 50 million people. This agreement requires the company to carefully test its security systems and upgrade them to the highest contemporary standards.
TJX’s chief financial officer, Jeffrey Naylor, said the settlement would allow TJX and the states’ attorneys general to take “leadership roles in exploring new technologies and approaches to solving the systemic problems in the U.S. payment card industry.” TJX had previously settled with consumers and banks.
The settlement involves claims brought against the company by 41 Attorneys General, led by the office of Massachusetts Attorney General Martha Coakley, that the company failed to protect its customers’ financial information. Coakley filed the assurance of discontinuance in Suffolk Superior Court in Massachusetts on June 23rd. Last September, TJX settled a case brought by consumers against the company and its bank, Fifth Third Bancorp, over 2005 and 2006 data breaches caused by computer hackers that compromised the security of at least 45.7 million consumer credit and debit cards. TJX agreed to give consumers who used a credit card, debit card or check at the stores during specified time periods $30 in cash or a $60 voucher for three years of credit monitoring plus the cost of replacing a driver’s license.
In December of 2007, TJX settled claims brought by three banks and three state bankers associations for undisclosed terms. TJX also agreed to implement its own stringent data security program. The settlement “ensures that companies cannot write-off the risk of a data breach as a cost of doing business,” according to General Coakley, who added:
All retailers and companies that hold or use personally identifiable information must employ data security systems that guard against the improper disclosure or use of that information.
New technologies must be developed to combat cybercrime targeting the payment card industry. The large number of attacks by cyber-criminals pose a most serious threat. The U.S. payment card system must protect “sensitive”consumer data. Security measures that are already in use throughout much of the world must be put in place in the U.S.
Source: Los Angeles Times
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.