TJX settles with banks over data breach

Share this article:

TJX and three bankers groups have settled a lawsuit over costs related to the discount retailer's record data breach that may have exposed as many as 94 million accounts, the parties announced Tuesday.

 

The Framingham, Mass.-based TJX, which owns Marshalls and T.J. Maxx, reached an agreement with the Massachusetts and Connecticut bankers associations and the Maine Association of Community Banks, in addition to three community banks in those states.

 

Terms of the settlement were not disclosed, but TJX said its financial burden will be covered as part of the $256 million it has already budgeted for the breach, revealed in January.

 

The plaintiffs had sued TJX to cover fees, such as fraud monitoring and replacement cards, which can cost up to $25 each.

 

But the lawsuit became more about getting the word out on the need to implement data security measures to safeguard against hacker heists, Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, told SCMagazineUS.com today.

 

“The public is now aware that the banks are not the source of the data breach, TJX is now PCI compliant, and protecting consumer data has increased across retail firms,” he said. “Our number one motivation was to try and protect consumers in the short and the long term, and we think we've moved well in that direction.”

 

Spitzer cited rising numbers of companies achieving Payment Card Industry (PCI) compliance, and he said he believes the TJX breach and the resulting lawsuit contributed to that.

 

In October, Visa announced that 65 percent of level-one merchants and 43 percent of level-two merchants are compliant, up from 36 percent and 15 percent at the start of the year, respectively.

 

As part of the latest agreement, the three bankers associations recommend their member banks that issue Visa cards should accept TJX's $41 million settlement with Visa, a separate agreement announced on Nov. 30.

 

Mary Monahan, partner and analyst at Javelin Strategy & Research, said the Visa agreement and a number of other factors likely contributed to the latest settlement, which some analysts had predicted might set TJX back several hundred million dollars more.

 

The suit was dealt a blow when a judge transferred the case to a Massachusetts state court, thereby denying the plaintiffs the right to sue as a class under federal jurisdiction, Monahan said. In addition, TJX may be spared extreme penalties and court judgments because it was just one piece of a systemic security problem among merchants.

 

“In reality, when you look at what was going on at the time, most of the retailers were pretty similar to TJX,” Monahan said. “Their security was pretty typical for a retailer, and now there's no excuse anymore if this happens. But back when it did happen, there was less of a public knowledge about the security problems.”

 

AmeriFirst Bank, based in Alabama, was the only plaintiff not to agree to the settlement.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.