TJX, MasterCard Agree on $24 Million Settlement

Institutions Have 90 Days to Approve Deal in Data Breach Case The price tag for The TJX Companies, Inc.(NYSE: TJX) to settle with MasterCard and its card-issuing banks is $24 million. This settlement, announced this week, comes on the heels of the TJX settlement with the Federal Trade Commission in late March.

While many in the industry see the FTC's settlement (no fines, but 20 years of security audits) as a slap on the wrist to the global multi-billion dollar retailer for the largest breach of data to date, (see related stories: TJX Settles With Feds | Reaction to TJX Settlement: "A Very Light Slap on the Wrist") the agreement with MasterCard makes TJX's total payback to affected financial institutions nearly $65 million. (See related story: TJX, Visa Agree to $40.9 Million Payout for Data Breach)

The agreement must be accepted by at least 90 percent of the issuing financial institutions in order to take effect. Affected banks and credit unions have 30 days to agree to this settlement. In accepting the settlement, the financial institutions also agree not to seek other recoveries, and must release MasterCard, TJX and TJX's acquirers from "all legal and financial liability associated with the TJX data breach," according to a statement from MasterCard. Participants in the settlement would receive financial restitution later this year.

"This agreement reflects MasterCard's continuing commitment to working with merchants and our customers to reach appropriate and fair resolutions of data breach events," says Joshua Peirez, chief payment system integrity officer for MasterCard Worldwide in the statement.

MasterCard says all eligible issuers will receive notification with further details about the settlement offer and the steps necessary to participate.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network