TJX settles with MasterCard for US$24 million

Powered by SC Magazine
 

Discount retailer TJX, parent of T.J. Maxx and Marshalls, has agreed to a US$24 million settlement with MasterCard over a security breach that left tens of millions of credit card accounts at risk to identity theft.

The company said the pre-tax payout will go to banks that issue MasterCard credit cards and were impacted by the breach for things such as reissuing cards and fraud compensation. TJX said the settlement is covered by the more than $200 million it previously budgeted for the breach.

TJX said issuers with at least 90 percent of the eligible accounts must agree to the settlement by May 2 for it to take effect. Issuers must have previously filed claims and agree to the recovery program's terms to be eligible for compensation funded by the agreement, according to MasterCard.

Under the terms of the agreement, MasterCard card issuers who meet certain restrictions will be eligible to receive financial restitution in the second quarter of 2008, according to MasterCard. Card issuers also must agree to release MasterCard and TJX from “all legal and financial liability associated with the TJX data breach,” the bank card company said in a release.

"Beyond the millions of dollars we have spent to add significant security to our computer system, we are installing security measures which exceed those of many other retailers and current industry requirements," Carol Meyrowitz, president and chief executive officer of TJX, said in a prepared statement.

She added that the company looks "forward to a high level of issuer acceptance" of the settlement.

The TJX breach affected about 94 million accounts, according to court filings. TJX has admitted that the breach exposed 45.7 million credit card numbers to hackers.

In November, TJX agreed to pay Visa a $40.9 million settlement that will fund reimbursement to banks that issue Visa cards and were affected by the breach. Those banks agreed not to sue TJX as part of the settlement.

TJX also last week agreed to a settlement with the Federal Trade Commission over the breach. In that settlement, TJX agreed create a comprehensive security program and undergo a third-party audit of its security program every two years for the next 20 years.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
 
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1893

Vote
Do you support the abolition of the Office of the Information Commissioner?