TJX settled with New England banks over their massive, and preventable IMO, security breach. The settlement commits TJX to pay a portion of the legal bills for banks and trade organizations in Massachusetts, Connecticut, and Maine. The total dollar amount was not disclosed but it will include the $40.9 million in settlements previously covered with Visa. Despite the settlement, the total damages have not yet been tallied. There is an Alabama bank that is still making claims against TJX and federal and state organizations are still conducting investigations. These will probably add some more to the final price tag.
On the surface, this settlement seems somewhat surprising. Why would these banks settle for some legal fees when it appears that they could have squeezed TJX for much more considering the egregiousness of their breach? The answer is that a federal district court made it very difficult for all of the affected banks to join their efforts in a class action lawsuit. This decision makes it extremely expensive for individual banks to fund legal assaults on TJX for compensation in court. The most cost effective decision is to settle.
I'm not thrilled about the way this is all working out. It seems that our justice system is enabling TJX to avoid taking full responsibility for its poor security practices. However, I'm just a mere security peon about whose opinion the justice system could care less. That said, I have learned one thing from this mess. Legal wrangling and shenanigans are legitimate defensive layers in your corporate information security plan.
What do you think? I dare you to comment. Chicken.
TJX, banks reach settlement in data breach - The Boston Globe
On the surface, this settlement seems somewhat surprising. Why would these banks settle for some legal fees when it appears that they could have squeezed TJX for much more considering the egregiousness of their breach? The answer is that a federal district court made it very difficult for all of the affected banks to join their efforts in a class action lawsuit. This decision makes it extremely expensive for individual banks to fund legal assaults on TJX for compensation in court. The most cost effective decision is to settle.
I'm not thrilled about the way this is all working out. It seems that our justice system is enabling TJX to avoid taking full responsibility for its poor security practices. However, I'm just a mere security peon about whose opinion the justice system could care less. That said, I have learned one thing from this mess. Legal wrangling and shenanigans are legitimate defensive layers in your corporate information security plan.
What do you think? I dare you to comment. Chicken.
TJX, banks reach settlement in data breach - The Boston Globe
No comments:
Post a Comment