HIPAA Blog

[ Monday, December 03, 2007 ]

 

Slightly off-topic: You may be aware of the huge ID-theft-inducing data security breach by the parent company of the TJ Maxx discount retailer. Well, it seems they've settled with a couple of credit card issuers who were probably left holding the bag on the data theft losses:


BOSTON – TJX Cos. announced the company will pay as much as $40.9-million in a settlement with Visa Inc. and Fifth Third Bank, over a massive breach of TJX customers' card data.


The funds will be used to help U.S. credit card issuers such as banks recover costs related to the breach, which may have exposed more than 100 million cards to potential fraud. The breach is believed to be the largest ever, based on the number of customer records involved.


Costs for the settlement, which also includes TJX card payment processor Fifth Third Bank, were part of $118-million in charges that TJX recorded in August 2007.


Separately, a federal judge presiding in a lawsuit brought by several banks ruled late last week that the banks cannot pursue claims against TJX and Fifth Third Bank as a class. The decision, a victory for TJX, means the banks must individually seek to recover costs from reissuing customers' credit cards as a precaution against fraud.


After initially disclosing the data heist in January 2007, TJX said three months later that at least 45.7 million cards were exposed to possible fraud in a breach of the company’s computer systems that began in July 2005. However, the breach went undetected until December 2006.

Hat tip: Jordan Herman


Jeff [11:56 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template