The parent company of Massachusetts-based retailer T.J. Maxx has reached a settlement with 41 states over a data breach that exposed an estimated 94 million credit-card and debit-card numbers nationwide to hackers.
Oregon Attorney General John Kroger announced the deal with TJX Companies Tuesday. T.J. Maxx has operated a store at Medford's Bear Creek Plaza shopping center since 1996.
The settlement involves what is believed to be the largest ever data breach for a merchant. Hackers intercepted an estimated 94 million credit-card and debit-card numbers between 2005 and 2007.
Anyone in Oregon who used a credit or debit card to purchase goods from T.J. Maxx or affiliated Marshalls stores in that time frame could have been affected. Under the agreement, TJX must:
- Upgrade all wired equivalency privacy based wireless systems in TJX retail stores to wired systems or Wi-Fi protected access wired systems.
- No longer store credit-card or debit-card data on its network any longer than necessary for legitimate business purposes.
- Separate the rest of the TJX computer system from the network-based portions of the TJX computer system that store, process or transmit personal information by firewalls and access controls.
- Must implement security-password management for portions of the TJX computer system that store, process or transmit personal information.