FTC launches probe into TJX data breach

Share this article:

Coming as no surprise, the Federal Trade Commission has opened an investigation into the recent data breach at discount clothing retailer TJX, in which potentially millions of customers' payment information was accessed by crooks.

"I can confirm the (FTC) has an investigation," agency spokeswoman Claudia Bourne Farrell told SCMagazine.com today, adding that she could not further comment on details of the probe.

A spokeswoman at Framingham, Mass. TJX, parent company of well-known retailers T.J. Maxx and Marshalls, did not return a telephone call seeking comment.

Last month, the company said investigators determined its network was also breached in July 2005 and later that year. When the company first reported the breach in January, it believed intrusions were confined to May to December 2006.

In addition, the company said credit and debit card transactions completed between January 2003 and June 2004 at its U.S., Puerto Rican and Canadian outlets were compromised. TJX previously reported that the data was "potentially" accessed.

The company also said it has discovered evidence that the portion of its network that processes T.K. Maxx transactions may have also been hacked. T.K. Maxx stores are located in the U.K. and Ireland.

Since the watershed 2005 Choice Point incident, in which cyberthieves posing as real customers of the data aggregation firm stole the personal information of 163,000 people, the FTC has wielded a big stick in its crackdown on shoddy information security practices.

In the Choice Point matter, where 1,400 fraud victims since have been identified, the FTC slapped the company with a $15 million penalty.

Click here to email reporter Dan Kaplan.

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.