We all use our credit cards and hope that our personal information is stored properly. Unfortunately, it not always is. The good news is that Nevada is fighting to keep consumers and their personal information safer. Many states settled with TJX Companies! Contact 13 has reported on this story. But here's the final ending.
ATTORNEY GENERAL CATHERINE CORTEZ MASTO ANNOUNCES MULTI-STATE SETTLEMENT WITH THE
TJX
COMPANIES, INC.
Carson City
,
NV
– Today, Attorney General Catherine Cortez Masto, together with 40 other State Attorneys General, announced a settlement with
TJX
Companies, Inc.
The filing is a result of an investigation concerning
TJX
’s data security practices and the protection of customers’ financial information. The investigation revealed insufficient safeguards that allowed a massive data breach, placing thousands of consumers’ personal data at risk.
“I am pleased that, by working with my fellow Attorneys General, we were able to ensure that TJX will implement safety measures to assure the safety of personal data,” said Attorney General Masto. “We must assure the public that their personal data will be protected against criminals who look for weaknesses in our system to capture data for nefarious uses.”
TJX, who cooperated fully in the investigation, has agreed to pay $9.75 million to the states participating in the suit and to implement and maintain a comprehensive information security program to address weaknesses in
TJX
’s computer security systems. Under the terms of the settlement,
Nevada
will receive $42,000 to aid consumer protection enforcement.
In 2007, TJX announced that certain persons had obtained unauthorized access to its computer systems, enabling them to seize cardholder data and other personally identifiable information. As a result, the coalition of Attorneys General conducted an extensive investigation into
TJX
’s data security policies and procedures in place when the breach occurred. That investigation uncovered a number of vulnerabilities and flaws in
TJX
’s data security systems that facilitated the unlawful intrusion and allowed it to last undetected for an unacceptable duration.
Today’s settlement requires TJX to implement an information security program designed to guard against future intrusions or unauthorized disclosures which includes employment of a comprehensive “Information Security Program” that assesses internal and external risks to consumers’ personal information, implements the safeguards that will best protect that consumer information, and regularly monitors and tests the efficacy of those safeguards.
TJX
also will report regularly to the Attorneys General on the efficacy of its program, after obtaining a third-party assessment of its systems. Among other things, under the Information Security Program,
TJX
must:
· Upgrade all Wired Equivalency Privacy (“WEP”) based wireless systems in
TJX
retail stores to wired systems or Wi-Fi Protected Access (“WPA”) wired systems;
· Not store credit card or debit card data on its network, any longer than necessary for legitimate business purposes;
· Appropriately segment from the rest of the
TJX
computer system those network-based portions of the
TJX
computer system that store, process or transmit personal information, by firewalls, access controls, and other appropriate measures; and
· Implement proper security password management for portions of the
TJX
computer system that store, process or transmit personal information.
Of the $9.75 million monetary payment under the settlement, $5.5 million is to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million is to reimburse the costs and fees of the investigation. The remaining $2.5 million of the settlement will fund a Data Security Trust Fund to be used by the State Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information.
The 41 States participating in today’s agreement are Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin, and the District of Columbia.
#########
Recent Comments