TJX Companies Inc. Friday announced that it will pay up to US$40.9 million to Visa card issuers who may have been affected by a massive data breach disclosed by the retailer in January, a move that could save it tens off millions of dollars in lawsuit damages,

Under an agreement reached with Visa USA, TJX said it will compensate banks that issued Visa payment cards potentially affected by the wireless security breach if they, in turn, agree not to sue the retailer over the breach.

Affected banks have until Dec 19 to accept the offer. Those who do so will be compensated by month’s end, the company said in a statement Friday.

The proposed settlement comes even as the U.S. District Court in Boston this week overturned an effort by a group of bankers associations to gain class action certification for their efforts against TJX.

Carol Meyrowitz, president and CEO of TJX, said the proposed settlement provides a “fair resolution” to banks that were affected by the breach and she expressed her hope that it would be broadly accepted. Meyrowitz added that the costs of the proposed deal with card issuers is already reflected in a charge TJX took in its fiscal 2008 second quarter.

In its own statement, Visa’s head of global risk management, Ellen Richey, said that those who accept the deal would “benefit greatly” because it offers immediate recovery of their data breach claims.

“This agreement demonstrates the importance of retailers and the payment card industry working together to protect cardholder data,” she said in the statement.



Related Download
Security Training Resource Kit Sponsor: ITWC
Security Training Resource Kit
Want to reduce your security incidents? Experts say that training can reduce security incidents by anywhere from 45% to 70%. But how do you train your employees effectively? Yes, you can send memos and do courses, but who reads this stuff? That's why we took a different approach.
Download Now