Make us your home page

Parent of TJMaxx, Marshalls pays more to settle 2006-2007 data breach investigation

The parent of TJMaxx and Marshalls will pay $9.75 million and allow an unprecedented three years of state government monitoring of its data security effort to settle an investigation into how hackers swiped 100 million credit and debit card numbers three years ago.

TJX Cos. on Tuesday struck the deal with attorneys general from 41 states. It used some of the $107 million it set aside last year to deal with the fallout of the breach that went on for 17 months in 2006 and 2007. So far, $41 million has gone to reimbursing banks for their losses, and the state settlement will pay for the cost of its inquiry.

Florida, the site of the initial TJMaxx-Marshalls breach and much of the fraud it stirred up, was among five lead states to negotiate the settlement.

After describing TJX as a victim as much as consumers were, Florida Attorney General Bill McCollum said the deal shows he is serious that "companies need to take the appropriate precautions to protect the data with which customers entrust them."

TJX chief financial officer Jeffrey Naylor termed the agreement a sign that the company and state law enforcement officials are resolved to better protect consumer data from hackers. The deal spells out specific steps for TJX to tighten data security, requires notice in 10 days if there is another lapse and earmarks $500,000 for the state to monitor compliance and look into other increasingly common payment card data breaches.

In the TJX case, which started in a parked van outside a Miami Marshalls, hackers tapped into a TJX wireless network that transmits credit and debit numbers between stores and a central data center. They swiped personal information such as the driver's license numbers of 450,000 people who returned merchandise without receipts. Crooks as far away as Sweden and Hong Kong tried to use the card numbers. Police in Gainesville arrested a ring that allegedly implanted the numbers on enough gift cards to buy $3 million in valuables at Wal-Mart and Sam's Clubs.

Usually card issuers eat bogus charges and issue new cards. But customers are angered by the uncertainty of losing money and are not always reimbursed. Many card issuers refuse to tell customer which retailer's system was tapped.

The state settlement follows a recent TJX settlement with the U.S. Federal Trade Commission, but not everybody sees government looking over the payment industry's shoulder as a good thing.

"If it's protecting consumers, that's one thing," said Avivah Litan, a computer security expert with Gartner Research. "But the government should not get out of its league dictating technology solutions. It changes faster than they can keep up."

Mark Albright can be reached at or (727) 893-8252.

Parent of TJMaxx, Marshalls pays more to settle 2006-2007 data breach investigation 06/23/09 [Last modified: Tuesday, June 23, 2009 9:24pm]
Photo reprints | Article reprints

© 2017 Tampa Bay Times


Join the discussion: Click to view comments, add yours

  1. Rick Scott appoints 'my friend,' Jimmy Patronis, as Florida CFO

    State Roundup

    TALLAHASSEE — Gov. Rick Scott on Monday appointed a long-time friend and political supporter, Jimmy Patronis, to replace Jeff Atwater as Florida's next chief financial officer, making him one of three members of the Cabinet that sets state policy on a wide range of issues. He'll take over Friday.

    Rick Scott appoints Jimmy Patronis (background) as CFO. [STEVE BOUSQUET | Tampa Bay Times]
  2. Local gas prices plummet as Fourth of July holiday travel approaches


    TAMPA — Local gas prices are enjoying an unseasonal dip around the $2 mark just in time for the hectic Fourth of July holiday travel weekend.

    The price of regular unleaded gasoline has dropped to $1.99 at a Rally station on Pasadena Ave. South and Gulfport Boulevard South, South Pasadena.
[SCOTT KEELER   |   Times]

  3. Air bag recalls, lawsuits lead Takata to file for bankruptcy


    Shattered by recall costs and lawsuits, Japanese air bag maker Takata Corp. filed Monday for bankruptcy protection in Tokyo and the U.S., saying it was the only way it could keep on supplying replacements for faulty air bag inflators linked to the deaths of at least 16 people.

    Japanese air bag maker Takata Corp. CEO Shigehisa Takada bows during a press conference in Tokyo on Monday. Takata has filed for bankruptcy protection in Tokyo and the U.S., overwhelmed by lawsuits and recall costs related to its production of defective air bag inflators.
[(AP Photo/Shizuo Kambayashi]
  4. Airbag maker Takata bankruptcy filing expected in Japan, U.S.


    DETROIT — Japanese airbag maker Takata Corp. has filed for bankruptcy protection in Tokyo and the U.S., overwhelmed by lawsuits and recall costs related to its production of faulty air bag inflators.

  5. Federal agencies demand records from SeaWorld theme park


    ORLANDO — Two federal agencies are reportedly demanding financial records from SeaWorld.

    Killer whales Ikaika and Corky participate in behaviors commonly done in the wild during SeaWorld's Killer Whale educational presentation in this photo from Jan. 9. SeaWorld has been subpoenaed by two federal agencies for comments that executives and the company made in August 2014 about the impact from the "Blackfish" documentary. 
[Nelvin C. Cepeda/San Diego Union-Tribune/TNS]