TJX Settle Lawsuit for Data Breach - Should they have to pay?

An agreement has been made by TJX Companies Inc. to pay $525,000 in a lawsuit settlement brought up by several banks in regards to a data breach that happened over 2 years ago.

If you remember, back in January 2007, TJX Companies Inc., the father company of TJ Maxx stores, was part of a data breach where intruders broke into its network and stole 45 million credit and debit card numbers. At that time, before the infamous Heartland Payment Systems breach, the TJX Companies Inc. data theft had been the biggest breach that involved credit card information.

Not only had TJX Companies Inc had to pay out $525,000 just recently to settle the law suit with several banks, but it has said that it would have to pay close to $10 million to settle other law suits brought by attorneys general in 41 states in addition to other items pushing this number to over $200 million. This has made the data breach of TJX Companies Inc. one of the costliest ever.

Knowing how much it could potentially cost a company in the unfortunate incident of a data breach, should companies implement new costly security measures before hand? It is a gamble that many of us share. If you choose not to utilize a security application that is capable of reducing your risk of being attacked by a hacker, then you could be the next victim of identity theft and end up paying out a lot more than you bargained for. Same thing when it comes to many corporations. If a company chooses not to either set aside monies to cover breach related costs or never pay for additional network security, then they could risk losing not only money, but their business may greatly suffer.

Luckily enough, the culprit of the TJX attacks and other breaches including major retail stores, Albert Gonzalez of Miami, has agreed to plead guilty to being the mastermind behind the data breaches. Even still, many of these companies will ultimately suffer by paying out lawsuits because others may have thought they did not have the necessary security measures in place to prevent the attack in the first place.

What do you think, should companies be held liable for a hacker stealing financial data of their customers? Should the attacker be the one to pay for the damages?