TJX settles with the FTC and agrees to be audited every other year for security.
WASHINGTON, March 27 (Reuters) - Discount retailer TJX Cos
Inc (TJX.N: Quote, Profile, Research) has agreed to boost protection of its computer
networks to settle charges that lax security allowed a hacker
to steal millions of consumer credit card numbers, the U.S.
Federal Trade Commission said on Thursday.
According to an FTC complaint, TJX, operator of the T.J.
Maxx and Marshalls chains, failed to use reasonable and
appropriate security to prevent unauthorized access to personal
information on its computer networks.
"An intruder exploited these failures and obtained tens of
millions of credit and debit payment cards that consumers used
at TJX's stores, as well as the personal information of
approximately 455,000 consumers who returned merchandise to the
stores," the FTC said.
Banks claimed that tens of millions of dollars in
fraudulent charges were made on the cards and that millions of
cards were canceled or reissued, the FTC said.
Under its settlement with the agency, TJX is required to
establish and maintain a program to protect the security of
personal information it collects from consumers, the FTC said
in a statement.
The company also is required to submit to an independent
security audit every other year for 20 years, the FTC said.
Framingham, Massachusetts-based TJX operates over 2,500
stores worldwide.
A spokesman for the company was not immediately available
for comment.
(Writing by JoAnne Allen, editing by Richard Chang)
© Reuters 2008 All rights reserved
/ 1 
