TJX settles with N.C. over security breach

Posted June 23, 2009 1:37 p.m. EDT
Updated June 23, 2009 2:26 p.m. EDT

Discount retailer TJX, the parent company of retailers T.J. Maxx and Marshalls, has reached a settlement with North Carolina and 40 other states over a massive data theft at the company a few years ago.

The Framingham, Mass.-based company will pay $2.5 million to create a data security fund for states and $7.25 million to cover expenses related to the states' investigations and consumer protection efforts. North Carolina will receive $108,000 from the settlement.

The breach was disclosed in January 2007 and exposed millions of payment card numbers to hackers.

In addition to the financial settlement, TJX agreed to upgrade the wireless networks in its stores to make them less vulnerable to hackers; to not store financial card data on its networks longer than necessary for processing; to use firewalls and other measures to separate consumers' personal information from the rest of the corporate computer system; and to implement proper password management for the portions of the computer system that store, process and transmit personal information.

“Businesses and government must keep up their efforts to better protect our personal information and to let us know when it’s been jeopardized,” North Carolina Attorney General Roy Cooper said in a statement. “When a security breach happens that puts your information at risk, act fast to protect yourself.”

Cooper said more than 40 percent of the security breaches reported to his office involved the theft of computers containing personal information.

TJX says the settlement's costs are already accounted for in a 2007 reserve it created.