Secure Channel, Ziff Davis Enterprise
Tuesday, June 23, 2009 8:45 PM/EST

TJX Settles Data Breach Damage Claims with 39 States

If you ever want to demonstrate the monetary cost of a security breach, look no further than the poster boy of identity theft: TJX Companies.

The parent company of clothing retailers T.J. Maxx and Marshalls today settled pending litigation with 39 state attorneys general for damage caused to the public good by the 2007 security breach of its corporate network that resulted in the theft of more than 94 million debit and credit card numbers.

Under the terms of the settlement, the 39 states will share a $9.75 million cash pool to compensate consumers for their losses associated with the security breach.

In 2007, TJX discovered that its network was compromised by hackers who exploited a wireless vulnerability to gain access to its credit card databases. Over the course of two years, the hackers reportedly pilfered more than 94 million consumer payment records.

An incident analysis revealed that the security breach resulted directly from TJX’s decision to not upgrade wireless encryption from WAP (Wireless Access Protocol) to WEP (Wired Equivalent Privacy), a stronger implementation of wireless security that’s recommended in the Payment Card Industry Data Security Standard (PCI-DSS).

TJX was widely criticized for not adhering to the PCI security standard or common security practices that could have prevented the security breach. In addition to the $9.75 million settlement with the states, TJX also settled damages claims with Visa and MasterCard totaling $60 million.

Remediation of the incident (investigations, security infrastructure improvements, and data recovery) reportedly cost TJX roughly $250 million.

In total, the massive breach cost TJX more than $320 million, or $3.40 per record. That total doesn’t include the reputational cost in lost sales and confidence among customers and partners, or the cost to victims of recovering their identity or changing account information.

According to the Ponemon Institute, the total cost of a data security breach when internal remediation and victim costs are taken into consideration can reach $197 per record.

While the costs of a security breach vary depending on the scope of the incident and the type of data exposed, the TJX incident remains a testament to the consequences of failing to make prudent security investments.

Comments (4)

Lacy :

Pretty good post. I just came by your site and wanted to say that I have really liked browsing your blog posts. Anyway, I'll be subscribing to your feed and I hope you post again soon!

Thank you. Glad you enjoy it. Keep reading.

Ken Orzel :

I find it simply amazing as a victim of identity theft that I got screwed but the 'public' in the form of the state government gets the cash. What a bunch of maggots. It was the same story with the cigarette settlement money.

Scott :

Shouldn't this--"TJX’s decision to not upgrade wireless encryption from WAP (Wireless Access Protocol) to WEP (Wired Equivalent Privacy)"--read that they chose not to upgrade from WEP to WPA (Wi-Fi Protected Access)? WAP is not a type of encryption, and WEP is actually the weaker form of encryption (as compared to WPA or WPA2).
