The Massachusetts Bankers Association, Connecticut Bankers Association, and the Maine Association of Community Banks, together with Eagle Bank, Saugusbank, and Collinsville Savings Society, have announced that they have settled the litigation which they brought against The TJX Companies, Inc. relative to the intrusion(s) into TJX’s computer system. The financial terms remain confidential, but according to the terms of the settlement, TJX has agreed to reimburse the settling plaintiffs for a negotiated portion of the costs and expenses, other than attorney’s fees, that they incurred in the case. The bankers associations are also recommending that their member banks which are Visa issuers, where appropriate, accept the Visa Alternative Recovery Offer.
The associations believe that many of the objectives of the litigation have been achieved through the developments leading up to this settlement.
“For our member banks, the protection of customer data has always been of paramount importance,” said Daniel J. Forte, president, of the Massachusetts Bankers Association. “We are pleased to see the steps undertaken by TJX to improve the protection of cardholder data. Those steps have resulted in TJX having recently been certified as fully PCI DSS compliant by an independent PCI-approved assessor.”
“Over the past six months,” added Forte, “validated compliance for the large, levelÃ¢Âone retailers has improved from approximately 40 percent to 70 percent, and we believe our case was highly influential in achieving this progress. This data breach and the ensuing litigation have clearly initiated an important nationwide dialogue on the importance of improving the security of the U.S. payment card system.”
The associations also noted the positive impact that this case had in explaining the complicated nature of the card payment system. “It was an important education tool for the general public that the banks were not the source of the data breach,” said Forte.
Forte added, “Visa’s and TJX’s recent announcement of an Alternative Recovery Offer is also significant. Indeed, in banking terms, it is historic and precedent setting. Through that offer, TJX has agreed to fund up to $40.9 million in payments to Visa issuing banks which may have suffered damages as a result of the data breach. This alternative recovery solution will, in many cases, allow issuing banks to recover more than would otherwise be possible through existing recovery mechanisms. The associations advise our members which are Visa issuers to review and favorably consider the offer structured by Visa and where appropriate, accept it prior to the December 19, 2007 deadline. We are appreciative of Visa’s efforts, and would continue to strongly encourage Visa to extend its existing recovery system so as to create a permanent process which facilitates recovery for all Visa issuers in the context of any future data breaches.
The Massachusetts Bankers Association represents 205 commercial, savings and co-operative banks and savings and loan institutions in Massachusetts and elsewhere in New England.
The Connecticut Bankers Association represents over 64 financial institutions conducting banking operations in the State of Connecticut and elsewhere in New England.
The Maine Association of Community Banks represents 23 Maine-based financial institutions.