TJX data breach faces FTC probe

The Federal Trade Commission (FTC) confirmed it is investigating events surrounding the data breach at TJX Companies Inc. TJX says it is cooperating with investigators.

The Federal Trade Commission (FTC) confirmed Monday that it's investigating the massive data breach at TJX Companies Inc. that exposed millions of customers to potential identity fraud.

The FTC isn't releasing documentation related to its investigation despite a request for information by The Boston Globe. The commission told the newspaper in a March 8 letter that "disclosure of that material could reasonably be expected to interfere with the conduct of the Commission's law enforcement activities."

TJX data breach:

PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes.

TJX breach: There's no excuse to skip data encryption: Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses.

Top IT execs could take heat for TJX breach: Experts say senior IT executives at TJX are most likely on the hot seat today after the retail giant revealed Wednesday a massive computer security breach.

TJX spokeswoman Sherry Lang told the Globe that the company is cooperating with the FTC.

Framingham, Mass.-based TJX acknowledged in January that an attacker exploited a flaw in a portion of its computer network that handles credit card, debit card, check, and merchandise return transactions.

The TJX breach was worse than first thought, TJX officials admitted last week. The company initially believed that attackers had access to its network between May 2006 and January 2007. However, the ongoing investigation has turned up evidence that the thieves also were inside the network several other times, beginning in July 2005.

TJX violated some of the basic tenets of the PCI Data Security Standard (PCI DSS), several PCI auditors told SearchSecurity.com recently, and the company will pay a heavy financial price. They said companies should study the TJX security breach for clear lessons on what not to do with customer data.

Dig deeper on Identity Theft and Data Security Breaches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close