TJX announced that it has settled with 41 Attorneys General over its massive data breach that they disclosed two years ago. In its statement, TJX denied that it broke any laws, saying, “TJX firmly believes that it did not violate any consumer protection or data security laws.” Under the terms of the settlement, as described in their press release, TJX will:
— Provide $2.5 million to establish a new Data Security Fund for use by the States to advance effective data security and technology;
— Provide a settlement amount of $5.5 million together with $1.75 million to cover expenses related to the States’ investigations;
— Certify that TJX’s computer system meets detailed data security requirements specified by the States; and
— Encourage the development of new technologies to address systemic vulnerabilities in the United States payment card system.