Computerworld - In a move that could save it tens of millions of dollars in lawsuit damages, TJX Companies Inc. today announced that it will pay up to $40.9 million to Visa card issuers who may have been affected by a massive data breach disclosed by the retailer in January.
Under an agreement reached with Visa U.S.A. Inc., TJX said it will compensate banks that issued Visa payment cards potentially affected by the computer breach if they, in turn, agree not to sue the retailer over the breach.
Affected banks have until Dec 19 to accept the offer. Those that do so will be compensated by month's end, the company said in a statement today.
The proposed settlement comes even as the U.S. District Court in Boston this week overturned an effort by a group of bankers associations to gain class-action certification for their efforts against TJX.
Carol Meyrowitz, president and CEO of TJX, said the proposed settlement provides a "fair resolution" to banks that were affected by the breach and she expressed her hope that it would be broadly accepted. Meyrowitz added that the costs of the proposed deal with card issuers is already reflected in a charge TJX took in its fiscal 2008 second quarter.
In Visa's own statement, Ellen Richey, head of global risk management, said that those who accept the deal would "benefit greatly" because it offers immediate recovery of their data breach claims.
"This agreement demonstrates the importance of retailers and the payment card industry working together to protect cardholder data," she said in the statement.
As part of today's agreement, Visa will also suspend and rescind a portion of the data breach fines that it has levied on Fifth Third Bank, which authorized TJX to accept payment card transactions in the U.S. Under contractual terms, it is the acquiring banks that get directly fined by Visa for breaches such as those that occurred at TJX. Those fines are then typically passed on to the breached entity.
Visa and TJX agreed to rescinded fines because it would increase the amount of money available for the proposed settlement, Visa said. It added that only U.S.-based Visa card issuers are covered by the proposed settlement.
If the settlement is accepted by a majority of the affected banks, it could save TJX millions in damages and legal fees that the company would have ended up shelling out for lawsuits stemming from the breach.
The Boston court's decision to deny class-action status for the lawsuits brought against TJX by various banks and bankers associations also looks to be a big break for the retailer. The court's decision means that banks looking to sue TJX now must do so individually -- a potentially far more expensive and difficult task than if they were members of a class action.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
