Editor's note: An earlier version of this story incorrectly stated that MasterCard was the source of an identity-theft concern. This is not the case. We regret the error.  

It's certainly a cliche, but sometimes you can actually turn lemons into lemonade. In a settlement announced Friday, retailer TJX (NYSE:TJX) tried to add some sweetener to a big bag of lemons it's been shouldering. Earlier this year, the company disclosed that hackers had breached its systems in 2005 and 2006, putting data from more than 45 million credit card holders at risk. It was even worse for more than 450,000 customers who had returned merchandise without a receipt and had other information, such as driver's license numbers, in the system.

TJX's settlement includes two interesting features. For customers that shopped at TJX department stores during the affected period, the company is offering vouchers to cover "costs as a result of the intrusion." The vouchers are good for use at local TJX stores. As you might guess, a relatively small denomination voucher is a great way to get shoppers into a store and potentially spend more than the value of the voucher. Another piece of the settlement is a future event at TJX stores that will give across-the-board savings of 15%. Far from a specific "result of the intrusion" event, this sale will be open to all customers.

Of course, the settlement was still a bitter pill for the company. For the 450,000-plus customers that had data besides their credit card numbers in TJX's systems, the company will foot the bill for credit monitoring and identity theft insurance for two to three years. While TJX will certainly get a better price for these services than any one of us could get on our own, they are insuring people who now have a much higher risk than average of the problems of identity theft. TJX is also offering straight-up reimbursements to those among the affected group who have documented costs from driver's license replacements and the like.

The company reserved $107 million in its fiscal second quarter, and expects another $21 million non-cash charges in its next fiscal year. TJX is far from the only major business or institution to suffer this kind of theft; past intrusions have occurred at the likes of CardSystems Solutions, which affected major credit card companies such as MasterCard (NYSE:MA) and Visa, Citigroup (NYSE:C), UC Berkeley, Choicepoint (NYSE:CPS), and the Department of Veterans Affairs. 

Hackers will continue to come up with new ways to get to this data. But as the news of costs associated with these breaches comes to light, companies that hold sensitive information may think twice about skimping on protection.

Further Foolishness: