TJX settles with MasterCard for $24 million

Share this article:
Discount retailer TJX, parent of T.J. Maxx and Marshalls, has agreed to a $24 million settlement with MasterCard over a security breach that left tens of millions of credit card accounts at risk to identity theft.

The company said the pre-tax payout will go to banks that issue MasterCard credit cards and were impacted by the breach for things such as reissuing cards and fraud compensation. TJX said the settlement is covered by the more than $200 million it previously budgeted for the breach.

TJX said issuers with at least 90 percent of the eligible accounts must agree to the settlement by May 2 for it to take effect. Issuers must have previously filed claims and agree to the recovery program's terms to be eligible for compensation funded by the agreement, according to MasterCard.

Under the terms of the agreement, MasterCard card issuers who meet certain restrictions will be eligible to receive financial restitution in the second quarter of 2008, according to MasterCard. Card issuers also must agree to release MasterCard and TJX from “all legal and financial liability associated with the TJX data breach,” the bank card company said in a release.

"Beyond the millions of dollars we have spent to add significant security to our computer system, we are installing security measures which exceed those of many other retailers and current industry requirements," Carol Meyrowitz, president and chief executive officer of TJX, said in a prepared statement.

She added that the company looks "forward to a high level of issuer acceptance" of the settlement.

The TJX breach affected about 94 million accounts, according to court filings. TJX has admitted that the breach exposed 45.7 million credit card numbers to hackers.

In November, TJX agreed to pay Visa a $40.9 million settlement that will fund reimbursement to banks that issue Visa cards and were affected by the breach. Those banks agreed not to sue TJX as part of the settlement.

TJX also last week agreed to a settlement with the Federal Trade Commission over the breach. In that settlement, TJX agreed create a comprehensive security program and undergo a third-party audit of its security program every two years for the next 20 years.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.