Posted on June 24, 2009 by Amy C. Purcell

TJX Reaches Settlement In Data Security Breach Investigation

TJX agreed to pay $9.75 million to forty-one states to settle an investigation of a data breach that it reported in January 2007.  $2.5 million of the settlement amount will be used to create a data security fund for those states whose residents were affected by the data breach.  TJX will pay $7.25 million in settlement and investigation costs.  The settlement requires TJX, among other items, to take specific steps to tighten data security and to provide notice to consumers within ten days in the event of another data security breach.  The settlement also allows state governments to monitor TJX's data security efforts for three years.
 
TJX continues to emphasize that it "firmly believes it did not violate any consumer protection or data security laws."  TJX's chief financial officer, Jeffrey Naylor, stated that the settlement will allow TJX and state attorneys general to take "leadership roles in exploring new technologies and approaches to solving systematic problems in the U.S. payment card industry." 
 
TJX reported that eleven people were arrested on hacking charges, two people pleaded guilty to hacking charges and two people have pleaded guilty to related charges in connection with the data security breach.
Tags: , , , , , ,
Posted on June 19, 2009 by Amy C. Purcell

Eleventh Circuit Court of Appeals Rejects Veterans' Claims For Damages

On June 17, 2009, the Eleventh Circuit Court of Appeals affirmed the decision of the United States District Court for the District of Alabama and held that veterans were not entitled to damages as a result of data security breach.

In February 2007, the Department of Veterans Affairs announced that a computer hard drive, which contained the unencrypted names, social security numbers, birth dates and healthcare files for more than 198,000 living veterans, was missing. Veterans instituted a lawsuit against the VA and claimed that the "stress caused by their fear of identity theft" and "from their loss of trust in the VA" aggravated certain of their medical conditions. The district court granted the VA's motion for summary judgment and dismissed the veterans' claims. The Eleventh Circuit upheld the district court's decision and stated that the veterans were not entitled to monetary damages because they failed to prove "actual damages" or "pecuniary losses". The Eleventh Circuit did, however, remand the case to the district court to order the VA to take certain steps to avoid similar incidents in the future.

Tags: , , , , , , ,
Posted on May 13, 2009 by Scott L. Vernick

Federal Circuit Court Of Appeals Rules That TJX Litigation May Proceed On State Law Claims

The First Circuit Court of Appeals has ruled that, by accepting credit cards for payment, retailer TJX and its processing bank, Fifth Third, could have negligently misrepresented to credit and debit card issuers that their data security practices were in compliance with the security protocols established by VISA and MasterCard operating regulations. The First Circuit also ruled that, based on either on the issuers' claim of negligent misrepresentation or a possible violation of Section 5 of the Federal Trade Commission Act, TJX and Fifth Third could have engaged in deceptive practices in violation of Chapter 93A of Massachusetts General Law. While Chapter 93A may require egregious conduct, systemic recklessness, as distinct from deliberate wrongdoing or self-benefit, may be sufficient to sustain a claim.

After a security breach in 2005, in which computer hackers gained access to TJX's wireless network and compromised the security of more than 45 million customer accounts, credit and debit card issuers filed suit against TJX and Fifth Third to recover losses they sustained as a result of fraudulent use of cardholder information.

Tags: , , , , , , , ,