FRAMINGHAM, Mass. (Legal Newsline) - Forty-one states have settled with TJX Cos. over a security breach at the company they were investigating.
The bulk ($5.5 million) of the $9.75 million will be used for data protection and consumer protection efforts by the states, while another $2.5 million will fund a data security trust fund to be used by the settling state attorneys general to advance policy development in the data security field.
Also, $1.75 million will be given to the states as reimbursement for investigative costs.
On Jan. 17, 2007, TJX disclosed that a hacker stole credit and debit card numbers and driver's license numbers from its computer system. The company operates stores like Marshall's, TJ Maxx and HomeGoods.
"This settlement ensures that companies cannot write-off the risk of a data breach as a cost of doing business. In addition to the monetary relief, this agreement requires TJX to implement and maintain a substantial data security program to ensure that this kind of data breach does not happen again," said Massachusetts Attorney General Martha Coakley, whose state is getting nearly $1 million in the settlement.
Coakley's office led the executive committee running the investigation. Other states in the committee were Arkansas, California, Connecticut, Florida, Illinois, New Jersey, Ohio, Oregon, Pennsylvania, Tennessee and Vermont.
TJX will upgrade all their wireless systems, not store credit or debit card data any longer than necessary, implement proper security password management for its customer systems and segment network-based portions of its system that contain personal information.
The other states participating in the agreement are Alabama, Arizona, Colorado, Delaware, Hawaii, Idaho, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Mexico, New York, North Carolina, North Dakota, Oklahoma, Rhode Island, South Dakota, Texas, Washington, West Virginia, Wisconsin, and the District of Columbia.
From Legal Newsline: Reach John O'Brien by e-mail at email@example.com.