TJX settles with MasterCard for $24 million

Share this article:
Discount retailer TJX, parent of T.J. Maxx and Marshalls, has agreed to a $24 million settlement with MasterCard over a security breach that left tens of millions of credit card accounts at risk to identity theft.

The company said the pre-tax payout will go to banks that issue MasterCard credit cards and were impacted by the breach for things such as reissuing cards and fraud compensation. TJX said the settlement is covered by the more than $200 million it previously budgeted for the breach.

TJX said issuers with at least 90 percent of the eligible accounts must agree to the settlement by May 2 for it to take effect. Issuers must have previously filed claims and agree to the recovery program's terms to be eligible for compensation funded by the agreement, according to MasterCard.

Under the terms of the agreement, MasterCard card issuers who meet certain restrictions will be eligible to receive financial restitution in the second quarter of 2008, according to MasterCard. Card issuers also must agree to release MasterCard and TJX from “all legal and financial liability associated with the TJX data breach,” the bank card company said in a release.

"Beyond the millions of dollars we have spent to add significant security to our computer system, we are installing security measures which exceed those of many other retailers and current industry requirements," Carol Meyrowitz, president and chief executive officer of TJX, said in a prepared statement.

She added that the company looks "forward to a high level of issuer acceptance" of the settlement.

The TJX breach affected about 94 million accounts, according to court filings. TJX has admitted that the breach exposed 45.7 million credit card numbers to hackers.

In November, TJX agreed to pay Visa a $40.9 million settlement that will fund reimbursement to banks that issue Visa cards and were affected by the breach. Those banks agreed not to sue TJX as part of the settlement.

TJX also last week agreed to a settlement with the Federal Trade Commission over the breach. In that settlement, TJX agreed create a comprehensive security program and undergo a third-party audit of its security program every two years for the next 20 years.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.