[an error occurred while processing this directive]
|Email story||Comment||Letter to the editor|
The hackers responsible have not been caught.
By MARK ALBRIGHT, Times Staff Writer
Published December 1, 2007
The parent of TJMaxx and Marshalls has agreed to pay up to $40.9-million to settle with Visa, Fifth Third Bancorp and other payment card issuers over the retailer's failure to protect credit card information from hackers.
The settlement stemmed from a criminal fraud investigation into a data breach that exposed up to 100-million Visa card account numbers to theft. Investigators determined the company failed to upgrade its encryption system and kept cardholders information longer than needed. In return for settling, Visa Inc. will rescind fines it levied against TJX Companies Inc. The settlement came a day after a federal judge tossed out a class action suit filed by several banks, saying they would have to sue separately.
The Framingham, Mass.-based retailer, which also owns the HomeGoods and A.J. Wright chains, said in September that it had settled customer class action suits and put $107-million in reserve to pay claims. Those settlements have yet to be approved by a judge.
TJX reported last January that its files had been hacked as far back as four years. Accounts covered in the settlement with Visa include signature or PIN-based transactions between Dec. 31, 2002 and Sept. 2, 2003, and between May 15 and Dec. 18, 2006.
Hackers who masterminded access to the TJX credit card history files have not been caught. But one group of 10 South Florida residents has been charged after going on a $1-million spending spree across Florida using stolen credit card numbers. Authorities suspect the group acquired the account numbers from the TJX hackers. The Miami group bought stacks of gift cards at stores such as Wal-Mart and Sam's Club in Central Florida, then cashed them in South Florida.
TJX said three-quarters of the initial 45.7-million account numbers compromised were for accounts that had either expired or did not include security code data embedded in magnetic stripes on the cards. The case led many banks to issue new account numbers as a precaution.
Information from the Associated Press was used in this report. Mark Albright can be reached at firstname.lastname@example.org or 727 893-8252.
[Last modified November 30, 2007, 23:14:07]