A year after a major security breach, TJX Cos. Inc. said Thursday that banks representing more than 95 percent of eligible U.S. Visa credit card accounts that may have been compromised had accepted a settlement that the mass retailer said will cost more than $40 million.
The company said in March that information from 45.7 million credit and debit cards had been stolen by hackers during the period from July 2005 to December 2006.
Earlier this week, TJX said it reached a settlement agreement with Visa U.S.A. Inc., Visa Inc. and TJX’s U.S. acquiring bank, conditional to an 80 percent acceptance rate.
In a statement Thursday, Carol Meyrowitz, president and chief executive officer of TJX Cos., described the settlement as a "cooperative effort" with Visa.
TJX said it agreed to "fund up to $40.9 million in alternative recovery payments. These costs are already reflected in the charge related to the computer intrusion(s) that TJX took in its fiscal 2008 second quarter….The financial institutions that accepted this alternative recovery offer will receive their payments by Dec. 27, 2007. Each accepting issuer has waived certain rights to any other recovery through litigation or otherwise and provided certain releases of TJX and its U.S. acquiring banks."
On Tuesday, TJX Cos. said it entered into the settlement agreement "with all but one of the seven banks and bankers associations that sued TJX in a putative class action as a result of the intrusion(s) into TJX’s computer system."
The banks who signed on were: the Massachusetts Bankers Association, Connecticut Bankers Association and Maine Association of Community Banks, "along with Eagle Bank, Saugusbank and Collinsville Savings Society."
The retailer said in a statement that it "has denied all wrongdoing. The agreement follows the court’s recent ruling denying the plaintiffs’ motion to represent a class of banks in this action. That ruling is subject to a pending motion for reconsideration and a possible appeal by the non-settling plaintiff bank."