TJX, which owns UK high street favourite TK Maxx, has agreed to pay out $9.75 million in a settlement over data thefts in 2005 and 2006.
International criminals attacked TJX's computer network in 2005 and 2006, which resulted in millions of card accounts being used to defraud credit and debit card users in the US, Europe and Asia.
Although it paid out the settlement, TJX said it "firmly believes" that it did not violate any consumer protection or data security laws.
The company claimed it reached the settlement so that it could concentrate on its core business and to promote cyber security measures.
"The sheer number of attacks by cyber criminals demonstrates the challenges facing the US payment card system in protecting sensitive consumer data," said Jeffrey Naylor, chief financial officer of TJX in a statement.
Last year, the US Attorney announced 11 indictments over the data thefts, with four individuals pleading guilty over related charges.
