FTC: Retailer TJX Failed to Secure Consumers DataBy Reuters - | Posted 2008-03-28 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
TJX settles with the FTC and agrees to be audited every other year for security.
WASHINGTON, March 27 (Reuters) - Discount retailer TJX Cos Inc (TJX.N: Quote, Profile, Research) has agreed to boost protection of its computer networks to settle charges that lax security allowed a hacker to steal millions of consumer credit card numbers, the U.S. Federal Trade Commission said on Thursday.
According to an FTC complaint, TJX, operator of the T.J. Maxx and Marshalls chains, failed to use reasonable and appropriate security to prevent unauthorized access to personal information on its computer networks.
"An intruder exploited these failures and obtained tens of millions of credit and debit payment cards that consumers used at TJX's stores, as well as the personal information of approximately 455,000 consumers who returned merchandise to the stores," the FTC said.
Banks claimed that tens of millions of dollars in fraudulent charges were made on the cards and that millions of cards were canceled or reissued, the FTC said.
Under its settlement with the agency, TJX is required to establish and maintain a program to protect the security of personal information it collects from consumers, the FTC said in a statement.
The company also is required to submit to an independent security audit every other year for 20 years, the FTC said.
Framingham, Massachusetts-based TJX operates over 2,500 stores worldwide.
A spokesman for the company was not immediately available for comment.
(Writing by JoAnne Allen, editing by Richard Chang)
© Reuters 2008 All rights reserved