TJX offers £20m settlement over breach
Published: 03 Dec 2007 15:22 GMT
The parent company of TK Maxx in the UK has offered to settle with banks for $40.9m (£19.8m) over the world's largest commercial security breach.
The settlement agreement, which needs to be accepted by 80 percent of Visa issuers to become effective, would guarantee up to a maximum of $40.9m (£20m) pre-tax in "alternative recovery payments", TJX said in a statement.
"We believe this settlement agreement provides a fair resolution of these issues, and look forward to a high issuer acceptance of the proposal," said Carol Meyrowitz, president and chief executive officer of TJX Companies, in a Friday statement. "At TJX, we have learned a great deal about the risks of cyberattacks and have responded aggressively to take our own security to even higher levels."
Each accepting bank will waive certain rights to any other asset recovery from TJX "through litigation or otherwise", according to the statement. Visa will suspend and rescind certain fines imposed on the retailer, while TJX will pilot new payment card security technology and "serve as a spokesperson in support of the goals of the Payment Card Industry — Data Security Standards [PCI-DSS]". These standards govern how data is kept secure during transaction processes.
Visa found TJX to be in violation of PCI-DSS in January, after TJX admitted its systems had been hacked.
TJX admitted in March that 45.7 million customer accounts had been compromised in attacks over two years. Investigators claimed the breaches came as a result of TJX's Wi-Fi network being sniffed and the WEP encryption protocol used by TJX being broken. However, a group of plaintiff banks claimed as part of a lawsuit in October that as many as 96 million credit-card details had been lost.
TJX stated in an SEC filing in July that cyberthieves first accessed its computer systems in July 2005 and installed software to harvest sensitive customer information such as account information, names and addresses, driver's licence numbers and military and state identification. The breach continued until mid-January 2007.
Affected accounts included those involved in credit and debit card transactions, as well as cheques and returned merchandise without receipts at the company's Marshalls, TJ Maxx, HomeGoods and AJ Wright stores in the US and Puerto Rico. Credit-card transactions at TJX's Winners and HomeSense stores in Canada, as well as credit and debit card transactions at its TK Maxx stores in Ireland and the UK, were also compromised.