TJX To Pay $9.75 Million Settlement For Data Breach

TJX Companies, the parent company of discount clothing stores T.J. Maxx and Marshalls, is to pay a massive $9.75 million in a settlement with 41 different states as a result of data breaches that put millions of people at risk of credit and debit card fraud.

Around 94 million card numbers were intercepted between 2005 and December 2006 when the data breach finally came to light. This breach is believed to be the largest ever data breach for a merchant. It is hoped that the settlement will finally resolve the issue.

TJX said it will be paying $5.5 million for data and consumer protection efforts by the states and $1.75 million to cover expenses already incurred in investigating the data breach.

All that's left!
The remaining $2.5 million will be used to fund a Data Security Trust Fund to be used to help advance enforcement efforts and policy development around data security and protecting personal information.

Were they too complacent, did they make mistakes? TJX said they “firmly believe” they did not violate any consumer protection or data security laws.

“The decision to enter into this settlement reflects TJX’s desire to concentrate on its core business without distraction and to promote cyber security measures that will benefit all consumers,” the company said in a statement.

Under the settlement agreement, TJX will be required to upgrade all Wired Equivalent Privacy (WEP) based wireless systems in TJX retail stores to wired systems or to Wi-Fi Protected Access (WPA) systems.

It will also have to ensure that credit card or debit card data is not stored on its network for any longer than is necessary for legitimate business purposes. In addition, it must use firewalls, access controls, and other appropriate measures to separate the network-based portions of the TJX computer system that store, process or transmit personal information from the rest of the TJX computer system.

TJX will also have to implement proper security password management for portions of their computer systems that store, process or transmit personal information.

The costs involved in the settlement have already been accounted for by TJX in a reserve that they created in 2007.

Data security breaches can be costly for everyone, so no one can afford to be complacent. The trouble is we have no way of knowing how secure a retailer’s systems are when we make purchases and, let’s face it, how many of us would bother to check?

As for the retailers, if a huge chain like TJX can’t get it right then who can?
