FTC: Retailer TJX Failed to Secure Consumers Data

WASHINGTON, March 27 (Reuters) – Discount retailer TJX CosInc (TJX.N: Quote, Profile, Research) has agreed to boost protection of its computernetworks to settle charges that lax security allowed a hackerto steal millions of consumer credit card numbers, the U.S.Federal Trade Commission said on Thursday.

According to an FTC complaint, TJX, operator of the T.J.Maxx and Marshalls chains, failed to use reasonable andappropriate security to prevent unauthorized access to personalinformation on its computer networks.

"An intruder exploited these failures and obtained tens ofmillions of credit and debit payment cards that consumers usedat TJX’s stores, as well as the personal information ofapproximately 455,000 consumers who returned merchandise to thestores," the FTC said.

Banks claimed that tens of millions of dollars infraudulent charges were made on the cards and that millions ofcards were canceled or reissued, the FTC said.

Under its settlement with the agency, TJX is required toestablish and maintain a program to protect the security ofpersonal information it collects from consumers, the FTC saidin a statement.

The company also is required to submit to an independentsecurity audit every other year for 20 years, the FTC said.

Framingham, Massachusetts-based TJX operates over 2,500stores worldwide.

A spokesman for the company was not immediately availablefor comment.

(Writing by JoAnne Allen, editing by Richard Chang)