TJX, MasterCard Agree on $24 Million SettlementInstitutions Have 90 Days to Approve Deal in Data Breach Case The price tag for The TJX Companies, Inc.(NYSE: TJX) to settle with MasterCard and its card-issuing banks is $24 million. This settlement, announced this week, comes on the heels of the TJX settlement with the Federal Trade Commission in late March.
While many in the industry see the FTC's settlement (no fines, but 20 years of security audits) as a slap on the wrist to the global multi-billion dollar retailer for the largest breach of data to date, (see related stories: TJX Settles With Feds | Reaction to TJX Settlement: "A Very Light Slap on the Wrist") the agreement with MasterCard makes TJX's total payback to affected financial institutions nearly $65 million. (See related story: TJX, Visa Agree to $40.9 Million Payout for Data Breach)
The agreement must be accepted by at least 90 percent of the issuing financial institutions in order to take effect. Affected banks and credit unions have 30 days to agree to this settlement. In accepting the settlement, the financial institutions also agree not to seek other recoveries, and must release MasterCard, TJX and TJX's acquirers from "all legal and financial liability associated with the TJX data breach," according to a statement from MasterCard. Participants in the settlement would receive financial restitution later this year.
"This agreement reflects MasterCard's continuing commitment to working with merchants and our customers to reach appropriate and fair resolutions of data breach events," says Joshua Peirez, chief payment system integrity officer for MasterCard Worldwide in the statement.
MasterCard says all eligible issuers will receive notification with further details about the settlement offer and the steps necessary to participate.