TJX data breach faces FTC probe

Article

TJX data breach faces FTC probe

The Federal Trade Commission (FTC) confirmed Monday that it's investigating the massive data breach at TJX Companies Inc. that exposed millions of customers to potential identity fraud.

The FTC isn't releasing documentation related to its investigation despite a request for information by The Boston Globe. The commission told the newspaper in a March 8 letter that "disclosure of that material could reasonably be expected to interfere with the conduct of the Commission's law enforcement activities."

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

TJX data breach:

PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes.

TJX breach: There's no excuse to skip data encryption: Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses.

Top IT execs could take heat for TJX breach: Experts say senior IT executives at TJX are most likely on the hot seat today after the retail giant revealed Wednesday a massive computer security breach.

TJX spokeswoman Sherry Lang told the Globe that the company is cooperating with the FTC.

Framingham, Mass.-based TJX acknowledged in January that an attacker exploited a flaw in a portion of its computer network that handles credit card, debit card, check, and merchandise return transactions.

The TJX breach was worse than first thought, TJX officials admitted last week. The company initially believed that attackers had access to its network between May 2006 and January 2007. However, the ongoing investigation has turned up evidence that the thieves also were inside the network several other times, beginning in July 2005.

TJX violated some of the basic tenets of the PCI Data Security Standard (PCI DSS), several PCI auditors told SearchSecurity.com recently, and the company will pay a heavy financial price. They said companies should study the TJX security breach for clear lessons on what not to do with customer data.