The terms of the settlement require the parent of Marshalls and TJ Maxx to implement information security programs and submit to an audit by an independent third party every other year for the next 20 years, according to the FTC. The FTC complaint alleged TJX did not have the proper security measures in place to prevent unauthorized access to the sensitive, personal information of customers on file.
In March of last year TJX Cos. said information from 45.7 million credit and debit cards was stolen by computer hackers beginning in July 2005. The hackers gained access to the personal information of customers who had made credit and debit card purchases, as well as 450,000 returns made without receipts in the company's stores.
Following the revelation of the data breach, banks said that tens of millions of dollars of fraudulent charges were made on the cards, and millions were canceled and reissued.
"By now, the message should be clear: Companies that collect sensitive consumer information have a responsibility to keep it secure," said Deborah Platt Majoras, chairman of the FTC.
A Web site at TJXsettlement.com refers to a proposed settlement of a class-action lawsuit in federal court in Boston. The site notes a settlement offering vouchers, credit monitoring and other details for eligible consumers, as well as claim forms and additional information for consumers who were affected by the data breach.