Editor's note: An earlier version of this story incorrectly stated that MasterCard was the source of an identity-theft concern. This is not the case. We regret the error.
It's certainly a cliche, but sometimes you can actually turn lemons into lemonade. In a settlement announced Friday, retailer TJX
TJX's settlement includes two interesting features. For customers that shopped at TJX department stores during the affected period, the company is offering vouchers to cover "costs as a result of the intrusion." The vouchers are good for use at local TJX stores. As you might guess, a relatively small denomination voucher is a great way to get shoppers into a store and potentially spend more than the value of the voucher. Another piece of the settlement is a future event at TJX stores that will give across-the-board savings of 15%. Far from a specific "result of the intrusion" event, this sale will be open to all customers.
Of course, the settlement was still a bitter pill for the company. For the 450,000-plus customers that had data besides their credit card numbers in TJX's systems, the company will foot the bill for credit monitoring and identity theft insurance for two to three years. While TJX will certainly get a better price for these services than any one of us could get on our own, they are insuring people who now have a much higher risk than average of the problems of identity theft. TJX is also offering straight-up reimbursements to those among the affected group who have documented costs from driver's license replacements and the like.
The company reserved $107 million in its fiscal second quarter, and expects another $21 million non-cash charges in its next fiscal year. TJX is far from the only major business or institution to suffer this kind of theft; past intrusions have occurred at the likes of CardSystems Solutions, which affected major credit card companies such as MasterCard
Hackers will continue to come up with new ways to get to this data. But as the news of costs associated with these breaches comes to light, companies that hold sensitive information may think twice about skimping on protection.
Fool contributor Matt Koppenheffer does not own shares of any of the companies mentioned. You can visit Matt on The Fool's CAPS service here, or check out his blog here. The Fool's disclosure policy is lucky it doesn't have an identity to steal.