Companies Avoid Financial Penalties After Massive Computer Data Breaches

More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores' operator agreed to have its information audited but avoided paying federal fines.

TJX was one of three firms that agreed to settle charges that it "failed to provide reasonable and appropriate security for sensitive consumer information," federal regulators said yesterday in two unrelated data-breach decisions.

Data broker Reed Elsevier and its Seisint subsidiary also avoided fines but have agreed to obtain third-party audits biennially for 20 years under a separate settlement with the Federal Trade Commission.

The agreements, which will be finalized after a 30-day public comment period, also require the companies to implement comprehensive information security programs.