FTC launches probe into TJX data breach
Coming as no surprise, the Federal Trade Commission has opened an investigation into the recent data breach at discount clothing retailer TJX, in which potentially millions of customers' payment information was accessed by crooks.
"I can confirm the (FTC) has an investigation," agency spokeswoman Claudia Bourne Farrell told SCMagazine.com today, adding that she could not further comment on details of the probe.
A spokeswoman at Framingham, Mass. TJX, parent company of well-known retailers T.J. Maxx and Marshalls, did not return a telephone call seeking comment.
Last month, the company said investigators determined its network was also breached in July 2005 and later that year. When the company first reported the breach in January, it believed intrusions were confined to May to December 2006.
In addition, the company said credit and debit card transactions completed between January 2003 and June 2004 at its U.S., Puerto Rican and Canadian outlets were compromised. TJX previously reported that the data was "potentially" accessed.
The company also said it has discovered evidence that the portion of its network that processes T.K. Maxx transactions may have also been hacked. T.K. Maxx stores are located in the U.K. and Ireland.
Since the watershed 2005 Choice Point incident, in which cyberthieves posing as real customers of the data aggregation firm stole the personal information of 163,000 people, the FTC has wielded a big stick in its crackdown on shoddy information security practices.
In the Choice Point matter, where 1,400 fraud victims since have been identified, the FTC slapped the company with a $15 million penalty.
Click here to email reporter Dan Kaplan.