TJX Cos. Inc. late on Tuesday said it has settled with three banking associations and three individual banks that sued the off-price retailer in the wake of a data breach that potentially compromised nearly 100 million credit and debit card numbers. That leaves just one Alabama community bank still in court against the owner of the T.J. Maxx, Marshalls, and other chains. Under the settlement, the Massachusetts Bankers Association, Connecticut Bankers Association, and Maine Association of Community Banks, along with Eagle Bank, Saugusbank, and Collinsville Savings Society, will dismiss all of their claims against TJX. The parties did not release terms of the agreement, but Framingham, Mass.-based TJX said in a release that the amount TJX would pay primarily is to reimburse the associations and banks for a negotiated portion of the expenses they incurred in the case, excluding attorney fees. TJX said it has already covered the cost of the settlement as part of a reserve it took earlier. A number of banks reissued cards as a precaution after TJX in January disclosed the massive hack of its computer systems where payment card information and some driver's license data were stored (Digital Transactions News, Jan. 29). The breach, the biggest of its kind on record, exposed a rift between merchants and the card industry over the improper storage of cardholder information and data security in general, especially the Payment Card Industry data-security standard, or PCI. The card networks strongly back PCI, but many merchants have chafed under the costs and difficulties of implementing it. TJX was not compliant with PCI when the breach happened?in fact, according to published reports citing internal TJX documents filed in pre-trial proceedings, the company was postponing upgrades to its computer security for as long as possible. TJX is now compliant with PCI, president and chief executive Carol Meyrowitz said in yesterday's release. The bank and trade-association plaintiffs suffered a legal blow Nov. 29 when a federal judge in Boston refused to consolidate their separate lawsuits into a class action and then remanded the case to the Massachusetts state court system. Still, a spokesperson for the Boston-based Massachusetts Bankers Association said the lawsuits produced some good beyond the direct benefits of the settlement. “We're settling because we believe we have already achieved many objectives of the litigation,” the spokesperson tells Digital Transactions News. “Notably, the public is now aware we were not the source of the data breach. Also, TJX is now PCI-complaint. Generally the protection of customer data has improved. Our litigation was highly influential.” The only financial plaintiff left is Union Springs, Ala.-based Amerifirst Bank, which has just four locations. Citing client confidentiality, Inge Johnstone, a Birmingham, Ala. lawyer for the bank, says he can't comment on the bank's reasons for not entering into the settlement. Amerifirst could try to appeal certain aspects of the case that were dismissed in federal court, file suit in the Massachusetts courts, or sue in other states. “At this point there are several options,” Johnstone says. As part of the settlement, the three banking associations are recommending that their Visa-issuing members accept an offer Visa Inc. announced Nov. 30 with TJX and TJX's U.S. merchant acquirer, Fifth Third Bancorp. Under the so-called “alternative recovery program,” TJX is providing up to $40.9 million in pre-tax funds to compensate U.S. Visa issuers for breach-related expenses, provided they agree not to sue TJX or seek any other form of recovery from TJX, Fifth Third, or Visa. The offer, which expires Wednesday, needs approval from issuers representing 80% of the eligible accounts. Visa did not respond to a Digital Transactions News inquiry about how issuers are responding. TJX earlier settled a consumer class action, but still faces government investigations. In one of the breach's more ironic developments, TJX under the Nov. 30 settlement with Visa and Fifth Third agreed to be a public PCI advocate. The retailer also agreed to test new security technology with Visa.
Check Also
Slope Taps Marqeta for a B2B BNPL Card; Equipifi Partners With Synergent on BNPL
Slope, a provider of buy now, pay later solutions for business-to-business transactions, announced early Thursday …