The TJX Companies, Inc and MasterCard Inc were reported to reach an agreement in a lawsuit over a massive data breach.
TJX is due to pay out about $24 million to settle loss claims made by MasterCard issuers. Reimbursement is expected in the second quarter.
In December card-issuing banks consented not to sue TJX and allow the company to make the restitution.
On January 17, 2007, TJX announced that it was the victim of an unauthorized computer systems intrusion. It discovered in mid-December 2006 that its computer systems were compromised and customer data was stolen. The hackers accessed a system that stores data on credit card, debit card, check, and merchandise return transactions. The intrusion was kept confidential as requested by law enforcement. TJX said that it is working with defense contractor General Dynamics and IBM to upgrade computer security.
By the end of March 2007, the number of affected customers had reached 45.7 million and has prompted credit bureaus to seek legislation requiring retailers to be responsible for compromised customer information saved in their systems. In addition to credit card numbers, personal information such as social security numbers and driver's license numbers from 451 thousand customers were downloaded by the intruders. The breach was possibly due to a badly secured wireless network in one of the stores.