TJX Agrees to Pay $9.75 million to 41 States in Data Breach Case

So, what happens when your company is the victim of probably the largest data breach in history? You have to pay the piper. This is exactly what happened to retail giant TJX. The company has agreed to pay $9.75 million to 41 states, including California, to settle an investigation of a massive 2007 data breach that jeopardized millions of payment card numbers. According to the LA Times, the company will pay $7.25 million in settlement and investigation costs. In addition, $2.5 million will go to create a data security fund for those states. California’s share is $624,393.

The company also stated in an official news release that it “firmly believes it did not violate any consumer protection or data security laws.” However, California Attorney General Jerry Brown had a different POV and cited the company’s 2004 internal audit, which found security vulnerabilities. Here’s what he had to say: “TJX ignored flaws in its credit card database, until hackers broke into it, gaining access to the personal information of almost 50 million people. This agreement requires the company to carefully test its security systems and upgrade them to the highest contemporary standards.”

So, what’s the moral of this story? Always be prepared, stay one step ahead of the bad guys, and have the right breach plan in place.

2 Comments

ITAC Linked-In Feed, June 25th, 2009 at 6:18 am

Inform the appropriate credit bureaux who can in turn notify the victim and associated bank so cards can be blocked and future applications flagged for further investigation should an identity theft eventuate.

Sam Singer, CIRM, CGEIT, CISM, CISA, June 25th, 2009 at 10:28 am

This case highlights the importance of independent audit reviews and management’s responsibility to implement appropriate corrective action plans to address findings. Management also needs to be prepared to allocate budget funding to ensure their infrastructure security controls to prevent and detect unauthorized access are updated on a regular basis to address new threats.
