Custom Search

June 23, 2009

Settlement reached between 41 states and TJX Companies regarding data breach

Thomas Allen of NBC13 writes the following regarding the settlement between 41 states and TJX regarding the data breach in 2007 that allowed the personal information of millions to be stolen.

Alabama "Attorney General Troy King, together with 40 other State Attorneys General, announced a settlement with the TJX Companies, Inc. The Assurance of Voluntary Compliance between the parties resolves an investigation concerning TJX’s data security practices and whether they adequately protected customers’ financial information and sufficiently guarded against a massive data breach affecting customer and transaction information for TJ Maxx, HomeGoods, and Marshalls stores that placed thousands of consumers’ personal data at risk, nationwide. Under the terms of the settlement, Alabama will receive $58,968.30 to aid consumer protection enforcement and efforts to protect consumers’ personally-identifiable information. TJX cooperated fully in the States’ investigation. ...

'Because of today’s settlement, Alabamians can now shop at these businesses more confident that new protections are in place to ensure their personal information is encrypted and more difficult for criminals to access.' In 2007, after TJX announced that certain persons had obtained unauthorized access to its computer systems enabling them to seize cardholder data and other personally identifiable information, the coalition of Attorneys General conducted an extensive investigation into TJX’s data security policies and procedures in place when the breach occurred. That investigation uncovered a number of vulnerabilities and flaws in TJX’s data security systems that facilitated the unlawful intrusion and allowed it to last undetected for an unacceptable duration. Today’s settlement reflects the lessons learned from that data breach and requires TJX to implement an information security program designed to guard against future intrusions or unauthorized disclosures. The Assurance’s relief, in that regard, is the most comprehensive relief achieved to date following a data breach investigation.

The settlement ensures that TJX will employ a comprehensive 'Information Security Program' that assesses internal and external risks to consumers’ personal information, implements the safeguards that will best protect that consumer information, and regularly monitors and tests the efficacy of those safeguards. TJX also will report regularly to the Attorneys General on the efficacy of its program, after obtaining a third-party assessment of its systems. TJX has agreed to pay $9.75 million to the states and to implement and maintain a comprehensive information security program to address weaknesses in TJX’s computer security systems in place at the time of the breach. Of the $9.75 million settlement, $5.5 million is to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million is to reimburse the costs and fees of the investigation. The remaining $2.5 million of the settlement will fund a Data Security Trust Fund to be used by the State Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information."

The rest of the article is found here -

No comments:

Post a Comment