Retail giant TJX wrapped up the last major legal battle following last year's data breach, when almost all of the affected financial institutions agreed this week to accept an agreement proposed last month.
The settlement would allow Mastercard issuers whose customers' credit-card accounts were compromised in the breach to be reimbursed for the cost of replacing the cards. More than 99 percent of the financial institution affected by the data theft agreed to the terms of the settlement, which will pay up to $24 million, according to a TJX statement.
Last November, TJX announced that banks which issue Visa-branded credit and debit cards had also agreed to similar terms and a nearly $41 million settlement.
In January 2007, TJX announced that a security breach of its transaction processing network had resulted in data thieves stealing information on 45.6 million credit- and debit-card accounts. Banks and bank associations sued the company for their costs in replacing the cards. Evidence presented in the lawsuit in August raised the estimate of the number of cards affected by the breach to more than 100 million. Litigation following breaches at TJX and other retailers has convinced many merchants to minimize the amount of data collected in a transaction.
The impact of the data breach on TJX's business remains unclear. While the company has set aside $216 million as a reserve to absorb business and legal costs, regulatory filings have documented far fewer charges, including the two settlements with card issuers, a settlement with consumers, and about $30 million in breach-related costs.
The company's stock price reached $31.88 on Thursday, up approximately 6 percent from its level prior to the breach announcement in January 2007.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos