Tennessee shares settlement in TJ Maxx security breach

Millions of credit card numbers were exposed to hackers a few years ago By Wendy Lee • THE TENNESSEAN • June 24, 2009 TJX Companies Inc., the parent company of discounters TJ Maxx and , agreed to pay a $9.75 million settlement to Tennessee, along with 40 other state attorneys general related to a breach in its computer system that caused millions of credit card numbers to be exposed. Framingham, Mass.-based TJX has acknowledged as many as 45.7 million card numbers may have been compromised via hackers who accessed the retailer's computer system, potentially exposing cardholder data and other personal information. TJX said criminals attacked its network in 2005-2006. The $9.75 million settlement will go toward covering the various states' investigations and to implement and maintain a comprehensive information security program to plug any weaknesses in TJX's security systems. The retail chain also must meet detailed data security requirements specified by the states. Part of the settlement will pay for a new data security fund for the states to work on more effective data security and technology. Tennessee is to receive more than $340,000 in the settlement. TJX is an off-price retailer of apparel and home fashions in the U.S., Canada and Europe. It operates T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores, among others.