Home > Security News > TJX data breach faces FTC probe
Security News:
EMAIL THIS LICENSING & REPRINTS

TJX data breach faces FTC probe

By SearchSecurity.com Staff
13 Mar 2007 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The Federal Trade Commission (FTC) confirmed Monday that it's investigating the massive data breach at TJX Companies Inc. that exposed millions of customers to potential identity fraud.

The FTC isn't releasing documentation related to its investigation despite a request for information by The Boston Globe. The commission told the newspaper in a March 8 letter that "disclosure of that material could reasonably be expected to interfere with the conduct of the Commission's law enforcement activities."
TJX data breach:

PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes.

TJX breach: There's no excuse to skip data encryption: Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses.

Top IT execs could take heat for TJX breach: Experts say senior IT executives at TJX are most likely on the hot seat today after the retail giant revealed Wednesday a massive computer security breach.

TJX spokeswoman Sherry Lang told the Globe that the company is cooperating with the FTC.

Framingham, Mass.-based TJX acknowledged in January that an attacker exploited a flaw in a portion of its computer network that handles credit card, debit card, check, and merchandise return transactions.

The TJX breach was worse than first thought, TJX officials admitted last week. The company initially believed that attackers had access to its network between May 2006 and January 2007. However, the ongoing investigation has turned up evidence that the thieves also were inside the network several other times, beginning in July 2005.

TJX violated some of the basic tenets of the PCI Data Security Standard (PCI DSS), several PCI auditors told SearchSecurity.com recently, and the company will pay a heavy financial price. They said companies should study the TJX security breach for clear lessons on what not to do with customer data.

Sound Off! -   Be the first to post a message to Sound Off!


Tags: Identity Theft and Data Security BreachesDatabase SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts