TJX reaches settlement with states on data theft

Jun 23, 2009

(AP) -- Discount retailer TJX Cos. said Tuesday it has reached a settlement with multiple states related to a massive data theft that occurred at the parent company of retailers T.J. Maxx and Marshall's a few years ago.

The Framingham, Mass.-based company said it will pay $2.5 million to create a data fund for states as well as a settlement amount of $5.5 million and $1.75 million to cover expenses related to the states' investigations. But TJX stressed that it "firmly believes" that it did not violate any consumer protection or data security laws.

"The decision to enter into this settlement reflects TJX's desire to concentrate on its core business without distraction and to promote measures that will benefit all consumers," the company stated.

TJX said the settlement's costs are already accounted for in a 2007 reserve it created.

The breach, which was disclosed in January 2007, exposed tens of millions of payment card numbers to hackers. TJX has said that at least 45.7 million credit and debit cards were exposed to possible fraud in the computer systems breach that began in July 2005. The breach wasn't detected until December 2006.

Under the with a multi-state group of 41 Attorneys General, TJX must also certify that its computer system meets detailed data security requirements specified by the states and must encourage the development of new technologies to address weaknesses in the U.S. payment card system.

TJX runs 882 of its namesake stores, 811 Marshalls, 322 HomeGoods and 141 A.J. Wright stores in the U.S. It has 203 Winners, 75 HomeSense and 3 Stylesense stores in Canada and 242 T.K. Maxx and 8 HomeSense stores in Europe.

The company's stock fell 23 cents to $30.55 in afternoon trading.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Twitter takes note of other apps on smartphones

add to favorites email to friend print save as pdf

Related Stories

TJX Intruder Had Retailer's Encryption Key

Mar 30, 2007

Not that the culprit necessarily needed it. Data was apparently taken during the card-approval process before it was encrypted. These are among the latest details in what is almost certainly the worst retail data breach ever. ...

Why Encryption Didn't Save TJX

Mar 31, 2007

TJX: It's the target of the largest known customer record theft of all time, and it's a case in point that encryption is not a silver bullet.

TD Ameritrade data theft settlement gets court OK

May 11, 2009

(AP) -- More than 6 million current and former customers of online brokerage TD Ameritrade Holding Corp. will be able to benefit from the settlement of a class-action lawsuit filed over the theft of client contact information.

Monster settles SEC backdating charges for $2.5M

May 18, 2009

(AP) -- Monster Worldwide Inc., which runs the Monster job search Web site, has agreed to pay $2.5 million to settle federal civil charges that it secretly backdated options for its executives and employees.

Recommended for you

UN moves to strengthen digital privacy (Update)

Nov 25, 2014

The United Nations on Tuesday adopted a resolution on protecting digital privacy that for the first time urged governments to offer redress to citizens targeted by mass surveillance.

Spotify turns up volume as losses fall

Nov 25, 2014

The world's biggest music streaming service, Spotify, announced Tuesday its revenue grew by 74 percent in 2013 while net losses shrank by one third, in a year of spectacular expansion.

Virtual money and user's identity

Nov 25, 2014

Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.