The TJX Companies Inc. and MasterCard International Inc. have entered into a settlement agreement that will provide issuers up to $24 million for data breach claims.
Under the agreement, alternative recovery offers will be made by MasterCard to eligible MasterCard issuers worldwide that issued payment cards claimed by them to have been affected by TJX’s previously announced unauthorized computer intrusions, and MasterCard will recommend that eligible MasterCard issuers accept such offers. Issuers must have previously filed claims and agree to the alternative recovery program’s terms to be eligible for compensation funded by the agreement.
TJX has agreed to pay out up to $24 million if at least 90% of issuers accept the offer by May 2. Issuers that choose to participate must agree not to seek or participate in any other recoveries and must also release MasterCard, TJX and TJX’s acquirers from all legal and financial liability associated with the TJX data breach.
In November, TJX announced an alternative recovery program with Visa USA Inc., in which it agreed to fund up to $40.9 million in alternative payments and that was conditional on an 80% acceptance rate. Several weeks later, the retail company said that financial institutions representing more than 95% of eligible Visa accounts affected by the data breach had accepted the offer.
“This accord with Visa is an example of how merchants and payment card companies can work together, which ultimately benefits consumers,” said Carol Meyrowitz, president/CEO at TJX, in a statement at that time.
The TJX data breach was first disclosed in early 2007 and was ultimately determined to have affected more than 100 million cards, making it one of the largest data breaches ever.
TJX also reached a settlement with the Federal Trade Commission recently over charges the retailer had engaged in practices that failed to provide reasonable and appropriate security for sensitive consumer information. The settlement will require that TJX implement a comprehensive security program and obtain audits by independent third-party security professionals every other year for 20 years.
“Providing a secure shopping environment for our customers remains a priority for TJX,” said Meyrowitz, in the statement about the Mastercard settlement. In addition to investments already made in bolstering the security of TJX’s computer system, the company is “installing security measures which exceed those of many other retailers and current industry requirements,” Meyrowitz said.