TJX settles case on data breach - Los Angeles Times
Advertisement

TJX settles case on data breach

Share via
From the Associated Press

More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores’ operator agreed to have its information audited but avoided paying federal fines.

TJX Cos. was one of three firms that agreed to settle charges that each “failed to provide reasonable and appropriate security for sensitive consumer information,” federal regulators said Thursday in two unrelated data-breach decisions.

Data broker Reed Elsevier and its Seisint subsidiary also avoided fines but have agreed to obtain third-party audits biennially for 20 years under a settlement with the Federal Trade Commission.

Advertisement

The agreements, which will be finalized after a 30-day public comment period, also require the companies to implement comprehensive information security programs.

“These cases bring to 20 the number of complaints in which the FTC has charged companies with security deficiencies in protecting sensitive consumer information,” said Deborah Platt Majoras, outgoing chairwoman of the FTC.

TJX said last March that at least 45.7 million credit cards were exposed to possible fraud in a breach of its computer systems. Court filings by banks that sued TJX estimated the number of cards affected at more than 100 million.

Advertisement

In the other case, personal information about hundreds of thousands of people held by Reed Elsevier’s LexisNexis unit may have been accessed in 2005 by unauthorized individuals using stolen passwords and IDs to access Seisint databases.

Sherry Lang, TJX’s senior vice president for investor and public relations, said the company disagreed with the FTC’s allegations but agreed to the settlement because it “is consistent with the agreements between the FTC and other retailers that have been victimized by cyber crime.”

The Framingham, Mass.-based company’s 2,500 stores include the T.J. Maxx and Marshalls chains.

Advertisement

The FTC cannot impose financial penalties against the companies because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.

The FTC said it coordinated its investigation of TJX with 39 state attorneys general.

Advertisement