Breach, Threat Management, Data Security, Vulnerability Management

TJX settles for $525K with four banks over breach

TJX announced Wednesday that it has settled with the four remaining banks pursuing a class-action lawsuit against the discount retailer over a major breach disclosed more than 2 1/2 years ago.

As part of the settlement with AmeriFirst Bank, Trustco Bank, HarborOne Credit Union and SELCO Community Credit Union, the Framingham, Mass.-based retailer paid $525,000, according to a TJX statement. The money primarily will be used to cover the banks' expenses in pursuing the legal action.

Additionally, the four financial institutions agreed to drop all claims against TJX over the breach, which exposed as many as 94 million credit and debit card numbers.

In December 2007, after a state judge denied involved parties the right to sue under class-action status, TJX reached an agreement with the Massachusetts and Connecticut bankers associations and the Maine Association of Community Banks, in addition to three community banks in those states. Terms of the settlement were not disclosed, but TJX said its financial burden was covered as part of the $256 million it already budgeted for the breach.

The plaintiffs had sued TJX to recover fees, such as fraud monitoring and replacement cards, which can cost up to $25 each.


Wednesday's announced agreement settled remaining litigation with the four banks that were part of or sought to join the class-action lawsuit but did not accept the 2007 settlement.

All along, TJX has denied any wrongdoing connected with the breach, which was perpetrated through a vulnerable wireless network.

Last week, Albert Gonzalez, 28, of Miami, pleaded guilty to charges that he masterminded the attack on TJX. He is still facing charges in another high-profile data breach at Heartland Payment Systems.

In August 2008, federal authorities charged 11 people in connection with the incident. In January, one of the defendants, Maksym Yastremskiy, 25, of Ukraine, was sentenced to 30 years in prison for heading up the sale of stolen TJX data.

A TJX spokeswoman did not return a call Thursday seeking comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.