Discount retailer TJX, parent of T.J. Maxx and Marshalls, has agreed to a $24 million settlement with MasterCard over a security breach that left tens of millions of credit card accounts at risk to identity theft.
The company said the pre-tax payout will go to banks that issue MasterCard credit cards and were impacted by the breach for things such as reissuing cards and fraud compensation. TJX said the settlement is covered by the more than $200 million it previously budgeted for the breach.
TJX said issuers with at least 90 percent of the eligible accounts must agree to the settlement by May 2 for it to take effect. Issuers must have previously filed claims and agree to the recovery program's terms to be eligible for compensation funded by the agreement, according to MasterCard.
Under the terms of the agreement, MasterCard card issuers who meet certain restrictions will be eligible to receive financial restitution in the second quarter of 2008, according to MasterCard. Card issuers also must agree to release MasterCard and TJX from “all legal and financial liability associated with the TJX data breach,” the bank card company said in a release.
"Beyond the millions of dollars we have spent to add significant security to our computer system, we are installing security measures which exceed those of many other retailers and current industry requirements," Carol Meyrowitz, president and chief executive officer of TJX, said in a prepared statement.
She added that the company looks "forward to a high level of issuer acceptance" of the settlement.
The TJX breach affected about 94 million accounts, according to court filings. TJX has admitted that the breach exposed 45.7 million credit card numbers to hackers.
In November, TJX agreed to pay Visa a $40.9 million settlement that will fund reimbursement to banks that issue Visa cards and were affected by the breach. Those banks agreed not to sue TJX as part of the settlement.
TJX also last week agreed to a settlement with the Federal Trade Commission over the breach. In that settlement, TJX agreed create a comprehensive security program and undergo a third-party audit of its security program every two years for the next 20 years.
The company said the pre-tax payout will go to banks that issue MasterCard credit cards and were impacted by the breach for things such as reissuing cards and fraud compensation. TJX said the settlement is covered by the more than $200 million it previously budgeted for the breach.
TJX said issuers with at least 90 percent of the eligible accounts must agree to the settlement by May 2 for it to take effect. Issuers must have previously filed claims and agree to the recovery program's terms to be eligible for compensation funded by the agreement, according to MasterCard.
Under the terms of the agreement, MasterCard card issuers who meet certain restrictions will be eligible to receive financial restitution in the second quarter of 2008, according to MasterCard. Card issuers also must agree to release MasterCard and TJX from “all legal and financial liability associated with the TJX data breach,” the bank card company said in a release.
"Beyond the millions of dollars we have spent to add significant security to our computer system, we are installing security measures which exceed those of many other retailers and current industry requirements," Carol Meyrowitz, president and chief executive officer of TJX, said in a prepared statement.
She added that the company looks "forward to a high level of issuer acceptance" of the settlement.
The TJX breach affected about 94 million accounts, according to court filings. TJX has admitted that the breach exposed 45.7 million credit card numbers to hackers.
In November, TJX agreed to pay Visa a $40.9 million settlement that will fund reimbursement to banks that issue Visa cards and were affected by the breach. Those banks agreed not to sue TJX as part of the settlement.
TJX also last week agreed to a settlement with the Federal Trade Commission over the breach. In that settlement, TJX agreed create a comprehensive security program and undergo a third-party audit of its security program every two years for the next 20 years.
