Nashville Business Journal - The parent company of retailers T.J. Maxx and Home Goods has reached a multimillion dollar settlement with multiple states including Tennessee over allegations that it failed to provide adequate data security for its customers.

TJX Cos. Inc. of Framingham, Mass., which is the parent of T.J. Maxx, Marshalls, A.J. Wright and Home Goods, fell victim to a data breach in late 2006, exposing tens of millions of its customers’ personal information to potential fraud.

TJX will pay $9.75 million to the participating states, including $340,000 to Tennessee, to reimburse the costs of the investigation, $5.5 million of which will be dedicated to data protection and consumer protection efforts by the states. Another $1.75 million will be used to reimburse the costs and fees of the investigation.

In addition, the company must implement major security requirements.

In January 2007, TJX reported that its computer systems had been hacked in late 2006 and customer data had been stolen.

In Miami, Irving Escobar was sentenced to five years in prison for his role in a scam using the stolen credit card data. Authorities estimated the total loss in that case to be $3 million.

A multistate investigation after the breach reviewed thousands of documents and uncovered “a number of vulnerabilities and flaws in TJX’s data security systems,” according to the news release.

The company operates 882 T.J. Maxx, 811 Marshalls, 322 HomeGoods and 141 A.J. Wright stores in the United States.