TJX settles case on data breach
WASHINGTON — More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores’ operator agreed to have its information audited but avoided paying federal fines.
TJX Cos. was one of three firms that agreed to settle charges that each “failed to provide reasonable and appropriate security for sensitive consumer information,” federal regulators said Thursday in two unrelated data-breach decisions.
Data broker Reed Elsevier and its Seisint subsidiary also avoided fines but have agreed to obtain third-party audits biennially for 20 years under a settlement with the Federal Trade Commission.
The agreements, which will be finalized after a 30-day public comment period, also require the companies to implement comprehensive information security programs.
“These cases bring to 20 the number of complaints in which the FTC has charged companies with security deficiencies in protecting sensitive consumer information,” said Deborah Platt Majoras, outgoing chairwoman of the FTC.
TJX said last March that at least 45.7 million credit cards were exposed to possible fraud in a breach of its computer systems. Court filings by banks that sued TJX estimated the number of cards affected at more than 100 million.
In the other case, personal information about hundreds of thousands of people held by Reed Elsevier’s LexisNexis unit may have been accessed in 2005 by unauthorized individuals using stolen passwords and IDs to access Seisint databases.
Sherry Lang, TJX’s senior vice president for investor and public relations, said the company disagreed with the FTC’s allegations but agreed to the settlement because it “is consistent with the agreements between the FTC and other retailers that have been victimized by cyber crime.”
The Framingham, Mass.-based company’s 2,500 stores include the T.J. Maxx and Marshalls chains.
The FTC cannot impose financial penalties against the companies because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.
The FTC said it coordinated its investigation of TJX with 39 state attorneys general.
More to Read
Inside the business of entertainment
The Wide Shot brings you news, analysis and insights on everything from streaming wars to production — and what it all means for the future.
You may occasionally receive promotional content from the Los Angeles Times.