TJX settles with states for $9.75 million over data breach
Wednesday, June 24, 2009
Massachusetts-based retailer TJX Companies has settled with 41 states for $9.75 million in a lawsuit over the massive data breach in 2005-2006 that exposed millions of credit card holders to potential identity theft and fraud.
State attorneys general sued the company in 2007 alleging that TJX's data security systems contained vulnerabilities that allowed hackers to compromise the system, which went undetected for "an unacceptable duration," Massachusetts attorney general Martha Coakley said yesterday.
The settlement includes funds for data protection efforts by the states and $2.5 million to fund a Data Security Trust Fund to be used by the state attorneys general to advance enforcement.
TJX also agreed to upgrade all Wired Equivalency Privacy (WEP) based wireless systems in TJX retail stores to wired systems or Wi-Fi Protected Access (WPA) wired systems; and to segment customer data from the rest of the company's systems through firewalls and other protections.
As part of the agreement, TJX will "not store consumer data any longer than necessary for legitimate business purposes," Coakley said.
Jeffrey Naylor, chief financial and administrative officer of TJX, said yesterday that the company believes it did not violate any consumer protection or data security laws.
"The sheer number of attacks by cybercriminals demonstrates the challenges facing the U.S. payment card system in protecting sensitive consumer data," Naylor said.
Related News:
ChoicePoint hit by $275K fine for 2008 data security breach - 10.21.2009
ChoicePoint, a large data broker subsidiary of Reed Elsevier, has been ordered to pay a $275,000 fine by the U.S. Federal Trade Commission, over a data breach in 2008 that exposed the private data of more than 13,000 customers.
TJX settles another class action over data breach - 9.4.2009
TJX Companies yesterday announced a settlement agreement that will result in the dismissal of a class action initiated by financial institutions as a result of the data breach of TJX's network security during 2005 and 2006 that exposed approximately 40 million credit card numbers.
Radisson data breach exposed credit card numbers - 8.20.2009
Between November 2008 and May 2009, hackers infiltrated the network security of computer systems at some Radisson hotels in the U.S. and Canada and accessed customer names and credit card numbers, the hotel chain disclosed Wednesday.
Feds indict TJX hacker for data theft in Heartland breach - 8.17.2009
Federal prosecutors on Monday indicted a Miami man in connection with the biggest credit card data breach on record - the theft of 130 million card numbers from Heartland Payment Systems - along with two other high-profile hacks.
Identity theft warnings issued to 13,000 after LexisNexis data breach - 7.16.2009
Two data breaches involving a subsidiary of LexisNexis have exposed the personal information of more than 13,000 consumers, leaving them vulnerable to identity theft and fraud.
|
