TJX To Pay Up To 40.9 Million For Data Breach

TJX will be paying as much as 40.9 million in a settlement with Visa and the bank that processes their credit card payments , says the Associated Press.

The funds will be used to help U.S. credit card issuers such as banks recover costs related to the breach, which may have exposed more than 100 million cards to potential fraud, TJX said.

The breach is believed to be the largest ever, based on the number of customer records involved.

Issuers of at least 80% of eligible cards must accept the offer by Dec. 19 for the settlement to take effect, said Framingham, Mass.-based TJX, owner of about 2,500 stores including T.J. Maxx and Marshalls.

Perhaps TJX will set an example of how important (to the bottom line) protecting your customer’s information really is.

Cross your fingers.

TJX will pay up to $40.9M for data breach [USAToday]


Edit Your Comment

  1. SaveMeJeebus says:

    I wonder if TJX is going to pay the card issuers in coupons and after-hours sales. They are as good as cash, you know.

  2. davebg5 says:

    I recently read an article about these data breaches (I wish I could remember where I read it) and it pretty much said that the credit card companies don’t force retailers to increase their data security b/c all of the fines that they get to impose when there is a breach are yet another source of money making fees for the banks.

    I’d say $40.9 million is a nice haul for Visa.

  3. hn333 says:

    Love how Visa is making money off credit card fraud.

  4. ekthesy says:

    $41MM for the banks and nothing for the individuals whose data was compromised?

  5. Beerad says:

    But we can’t really tell how much money Visa and the issuing banks are “making” off of the settlement. If up to 100 million cards were exposed, that’s a whole lot of expense for the companies to go through to issue new cards, notify all affected customers, track down suspected fraud cases, etc. I strongly doubt that the upshot of all of this is any profit for the affected companies.

  6. Beerad says:

    @ekthesy: Different settlement. Customers may end up getting hosed in their related settlement, as per [], but it’s a different piece.

    But how much were individuals with stolen credit card numbers actually damaged? Citibank sent me a letter one day with a new card saying that my old one “might” have been compromised, and they were switching my account to a new number. Sure it was a minor pain swapping all of my auto-payments to a new card, but it wasn’t exactly something that required monetary compensation.

  7. Beerad says:

    @Beerad: Just for clarity, my card replacement was not related to T.J. Maxx in any way. Citibank actually refused to disclose any information about the “potential breach”, which was irritating because I was wildly curious (never had any fraudulent charges or other issues on my account) but I can understand their position.

  8. davebg5 says:

    @Beerad: $40 million divided by 100 million cards = $400k per card.

    Since the breach was on the retailer’s side of things, it’s not as if Visa had any operational changes to make. Their costs are pretty much tied to notifications, investigations of alleged misuse and reissuing new cards.

    I find it hard to believe that it ran Visa $400k to do this for each card/customer.

  9. ElizabethD says:

    I hope this doesn’t make prices go up at TJMaxx and Marshall’s! 8-O

  10. Beerad says:

    @davebg5: Um, $40,000,000 divided by 100,000,000 = 40 cents per card. Sorry.

    And it’s not the cost of operational changes. It’s the cost of every issuing bank replacing and/or fixing customer cards and accoutns.

  11. amoeba says:

    This is just my opinion within the subject…I’ve been reading and hearing the same story over and over, about TJX will pay to the victims of ID Theft. So far we are a month before 2008 and nothing done. Still hearing that they will send; to the people affected, a 25% off coupon or a TJMAXX Store Event. I think they don’t even have the 40.9 million dollars to cover the damage.

  12. SilverHammer says:

    I’m pretty uninformed when it comes to legal matters, but my card was compromised as a result of the breach and I’m not sure how to benefit from the class action suit. Is any action necessary? Can I even get in on it at this point?

  13. KernelM says:

    @davebg5: Wow, there’s bad math and then there’s six orders of magnitude bad math.

  14. azntg says:

    You can see the jaded business mentality on both Visa (towards TJX) and TJX (towards consumers): Profit at any possible situation.

  15. bohemian says:

    I want compensation. I wasted a bunch of my time tracking down what accounts had the old card associated with them and changing payments. I also had a bunch of accounts go unpaid without me knowing until they were already late because me card number was shut down. Oh and the humiliation of having my card decline at Target when I had plenty of money in my account.

    I have been trying to find out how to get on the consumer class action. I found a website of a lawfirm that supposedly was handling it but they won’t answer email.

  16. EmmaC says:

    I know someone who got a letter about the data breach with TJX. She hasn’t heard anything since. It’s like they forgot about the consumers in this data breach.