Data breach case leads to TJX audit agreement
March 28, 2008,
Washington – Off-price leader TJX Cos. has reached an agreement with the Federal Trade Commission (FTC) to undergo biannual audits for 20 years, as part of a settlement stemming from the credit card data breach in which millions of T.J. Maxx and Marshalls customers’ files were stolen.
The agreements, which will be finalized after a 30-day public comment period, also require the companies to implement comprehensive information security programs.
“These cases bring to 20 the number of complaints in which the FTC has charged companies with security deficiencies in protecting sensitive consumer information,” FTC chairman Deborah Platt Majoras said.
TJX last year took a $118 million reserve charge against settlement charges, which it applied at least in part to a separate agreement with banks and banking groups that had brought suit seeking damages in the case.
The FTC, however, did not impose financial penalties against the companies in its settlement because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.