TJX reaches settlement with states on data theft

Jun 23, 2009

(AP) -- Discount retailer TJX Cos. said Tuesday it has reached a settlement with multiple states related to a massive data theft that occurred at the parent company of retailers T.J. Maxx and Marshall's a few years ago.

The Framingham, Mass.-based company said it will pay $2.5 million to create a data fund for states as well as a settlement amount of $5.5 million and $1.75 million to cover expenses related to the states' investigations. But TJX stressed that it "firmly believes" that it did not violate any consumer protection or data security laws.

"The decision to enter into this settlement reflects TJX's desire to concentrate on its core business without distraction and to promote measures that will benefit all consumers," the company stated.

TJX said the settlement's costs are already accounted for in a 2007 reserve it created.

The breach, which was disclosed in January 2007, exposed tens of millions of payment card numbers to hackers. TJX has said that at least 45.7 million credit and debit cards were exposed to possible fraud in the computer systems breach that began in July 2005. The breach wasn't detected until December 2006.

Under the with a multi-state group of 41 Attorneys General, TJX must also certify that its computer system meets detailed data security requirements specified by the states and must encourage the development of new technologies to address weaknesses in the U.S. payment card system.

TJX runs 882 of its namesake stores, 811 Marshalls, 322 HomeGoods and 141 A.J. Wright stores in the U.S. It has 203 Winners, 75 HomeSense and 3 Stylesense stores in Canada and 242 T.K. Maxx and 8 HomeSense stores in Europe.

The company's stock fell 23 cents to $30.55 in afternoon trading.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Fine tuning your campaign: Scientists conduct research into crowdfunding

add to favorites email to friend print save as pdf

Related Stories

TJX Intruder Had Retailer's Encryption Key

Mar 30, 2007

Not that the culprit necessarily needed it. Data was apparently taken during the card-approval process before it was encrypted. These are among the latest details in what is almost certainly the worst retail data breach ever. ...

Why Encryption Didn't Save TJX

Mar 31, 2007

TJX: It's the target of the largest known customer record theft of all time, and it's a case in point that encryption is not a silver bullet.

TD Ameritrade data theft settlement gets court OK

May 11, 2009

(AP) -- More than 6 million current and former customers of online brokerage TD Ameritrade Holding Corp. will be able to benefit from the settlement of a class-action lawsuit filed over the theft of client contact information.

Monster settles SEC backdating charges for $2.5M

May 18, 2009

(AP) -- Monster Worldwide Inc., which runs the Monster job search Web site, has agreed to pay $2.5 million to settle federal civil charges that it secretly backdated options for its executives and employees.

Recommended for you

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

Brazil: Google fined in Petrobras probe

Dec 15, 2014

A Brazilian court says it has fined Google around $200,000 for refusing to intercept emails needed in a corruption investigation at state-run oil company Petrobras.

Microsoft builds support over Ireland email case

Dec 15, 2014

Microsoft said Monday it had secured broad support from a coalition of influential technology and media firms as it seeks to challenge a US ruling ordering it to hand over emails stored on a server in Ireland.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.