The announcement did not specify the settlement cost, but noted that its estimated costs were included in a $107 million reserve included in its second-quarter report for fiscal 2008 and its estimate of $21 million in costs expected in fiscal 2009. The $107 million figure includes costs from other lawsuits not included in the customer class actions, the Framingham-based company said.

The settlement also includes Cincinnati-based Fifth Third Bancorp, which processed some payment card transactions for TJX and was named in some of the customer lawsuits.

TJX said it denied the allegations in the customer lawsuits. It concluded that more legal action would be time-consuming and expensive.

"We deeply regret any inconvenience our customers may have experienced as a result of the criminal attack on our computer system," TJX President and CEO Carol Meyrowitz said in a statement.

TJX said a condition of the settlement is an evaluation of its computer security improvements by an independent security expert chosen by the plaintiffs. It also is subject to court approval.

"We think it's good for the members of the class and appropriate for the members of the class and we also commend the company on the way they handled it," said Tony Merchant, attorney for Canadian plaintiffs.

TJX said customers who returned merchandise without a receipt and were sent letters notifying them that their driver's license or other identification information may have been compromised will be offered three years of credit monitoring and identity theft insurance coverage. Some of those customers also will be reimbursed for the cost of replacing drivers' licenses. If their drivers' licenses or other ID numbers were the same as their Social Security number, they will also be reimbursed for certain losses from identity theft.

The company said it would offer vouchers to customers who show they shopped TJX stores, except Bob's Stores, in the U.S., Canada or Puerto Rico during the period affected by the breach and incurred certain costs related to the breach.

The company said it will hold a one-time, three-day customer appreciation event reducing prices 15 percent, expected sometime next year.

On Jan. 17, TJX disclosed a breach of its computer systems by an unknown hacker or hackers who accessed card data from transactions as long ago as 2003. On March 28, TJX said at least 45.7 million of its shoppers' cards had been compromised. Independent organizations that track data thefts say the TJX case is believed to be the largest in the U.S. based on the number of customer records compromised.

TJX says about three-quarters of the 45.7 million cards had either expired by the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. However, TJX also has said the intruders could have tapped the unencrypted flow of information to card issuers as customers checked out with their credit cards.

The company and U.S. Secret Service are investigating. Ten people were convicted in Florida this year for their roles in a ring using stolen TJX customer data to buy Wal-Mart gift cards. They aren't believed to be the TJX hackers.

Last month, a U.S. Postal Inspection Service investigator said a Ukrainian man recently arrested in Turkey was suspected of selling some of the card numbers stolen in the TJX breach. But they said he also was not believed to have been involved in the data breach.

TJX operates 2,500 retail outlets, including T.J. Maxx, Marshalls, HomeGoods, A.J. Wright and Bob's Stores in the United States, Winners and HomeSense stores in Canada, and T.K. Maxx stores in Europe.