Update: Proposed TJX settlement could save retailer millions
But banks have to decide by Dec. 19 whether to accept the $40.9M deal
Computerworld - In a move that could save it tens of millions of dollars in lawsuit damages, TJX Companies Inc. today announced that it will pay up to $40.9 million to Visa card issuers who may have been affected by a massive data breach disclosed by the retailer in January.
Under an agreement reached with Visa U.S.A. Inc., TJX said it will compensate banks that issued Visa payment cards potentially affected by the computer breach if they, in turn, agree not to sue the retailer over the breach.
Affected banks have until Dec 19 to accept the offer. Those that do so will be compensated by month's end, the company said in a statement today.
The proposed settlement comes even as the U.S. District Court in Boston this week overturned an effort by a group of bankers associations to gain class-action certification for their efforts against TJX.
Carol Meyrowitz, president and CEO of TJX, said the proposed settlement provides a "fair resolution" to banks that were affected by the breach and she expressed her hope that it would be broadly accepted. Meyrowitz added that the costs of the proposed deal with card issuers is already reflected in a charge TJX took in its fiscal 2008 second quarter.
In Visa's own statement, Ellen Richey, head of global risk management, said that those who accept the deal would "benefit greatly" because it offers immediate recovery of their data breach claims.
"This agreement demonstrates the importance of retailers and the payment card industry working together to protect cardholder data," she said in the statement.
As part of today's agreement, Visa will also suspend and rescind a portion of the data breach fines that it has levied on Fifth Third Bank, which authorized TJX to accept payment card transactions in the U.S. Under contractual terms, it is the acquiring banks that get directly fined by Visa for breaches such as those that occurred at TJX. Those fines are then typically passed on to the breached entity.
Visa and TJX agreed to rescinded fines because it would increase the amount of money available for the proposed settlement, Visa said. It added that only U.S.-based Visa card issuers are covered by the proposed settlement.
If the settlement is accepted by a majority of the affected banks, it could save TJX millions in damages and legal fees that the company would have ended up shelling out for lawsuits stemming from the breach.
The Boston court's decision to deny class-action status for the lawsuits brought against TJX by various banks and bankers associations also looks to be a big break for the retailer. The court's decision means that banks looking to sue TJX now must do so individually -- a potentially far more expensive and difficult task than if they were members of a class action.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts