The company has reached a settlement with 42 states over allegations that it failed to provide adequate security for its customers. $5.5 million of the settlement will be dedicated to data protection and consumer protection efforts by the states and another $1.75 million will be used to reimburse the costs and fees of the investigation.
Massachusetts AG Martha Coakley's office led the executive committee running the investigation. In a statement, AG Coakley said, "This settlement ensures that companies cannot write-off the risk of a data breach as a cost of doing business. In addition to the monetary relief, this agreement requires TJX to implement and maintain a substantial data security program to ensure that this kind of data breach does not happen again." Massachusetts will get nearly $1 million in the settlement.
The parenthetical "plus" in my first paragraph refers to an additional cost included in the settlement agreement. TJX must implement major security improvements and report and must certify that its computer system meets detailed data security requirements specified by the states. The settlement also requires the company to encourage the development of new technologies to address weaknesses in the U.S. payment card system.
The other states participating in the agreement are Alabama, Arizona, Colorado, Delaware, Hawaii, Idaho, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Mexico, New York, North Carolina, North Dakota, Oklahoma, Rhode Island, South Dakota, Texas, Washington, West Virginia, Wisconsin, and the District of Columbia.
Other links: