ERP Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO Enterprise Applications
 CIO ERP
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Secrets of Successful Vendor Contract Negotiations for the Mid-Market

Sept. 10, 2009, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

On this free public Council teleconference, Matthew A. Karlyn, attorney at Foley & Lardner in Boston, will share tips on negotiating tactics and new, creative contract terms to help mid-market CIOs make better deals.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News
 

FTC Settles with TJX, LexisNexis

The U.S. Federal Trade Commission has settled data-breach complaints against retailer TJX and data broker Reed Elsevier, requiring both companies to establish comprehensive information security programs and submit to biennial data security audits over the next 20 years.

 

By Grant Gross

March 28, 2008 — IDG News Service —

The U.S. Federal Trade Commission has settled data-breach complaints against retailer TJX and data broker Reed Elsevier, requiring both companies to establish comprehensive information security programs and submit to biennial data security audits over the next 20 years.

The settlements, announced Thursday, also require the companies to identify internal and external risks to the security and confidentiality of personal information and assess the safeguards already in place. The settlements don't include fines because the FTC doesn't have authority to levy civil fines in violations of the FTC Act, which prohibits unfair business practices. The FTC has asked Congress for the ability to seek civil fines under the FTC Act, an agency spokeswoman said.

The settlement with TJX, which owns T.J. Maxx, Marshalls and other retailers, comes in response to a data breach that exposed more than 45 million customer credit and debit cards. The company reported the 2005 breach in January 2007, and some banks have alleged that the number of cards affected is 94 million.

Reed Elsevier and subsidiaries LexisNexis and Seisint announced in March 2005 that hackers had stolen passwords, names, addresses, Social Security and drivers license numbers of about 32,000 customers. Since then, the number of compromised customers has risen to 316,000.

The FTC has brought a total of 20 complaints against companies that had data breaches. "By now, the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure," FTC Chairman Deborah Platt Majoras said in a statement. "Information security is a priority for the FTC, as it should be for every business in America."

The agency charged that TJX stored and transmitted personal information in clear text, did not use "readily available" security measures to limit wireless access to its networks, did not use strong passwords and did not use security measures such as firewalls.

The FTC charged that Reed Elsevier allowed customers to use easy-to-guess passwords to access Seisint's Accurint databases containing sensitive personal information such as drivers license numbers and Social Security numbers.

Identity thieves exploited these security failures, and used the information to activate credit cards and open new accounts, the FTC said.

The FTC charged that the company failed to make Seisint user credentials hard to guess, failed to periodically change user credentials, and failed to suspend credentials after a number of unsuccessfully log-in attempts. The company also allowed Seisint customers to store credentials on cookies on their computers, permitted users to share credentials, did not adequately address vulnerabilities in Seisint's Web applications and computer network and did not implement "simple, low-cost and readily available" defense against attacks, the FTC said.

 
 
Loading...
 
WHITE PAPERS

Communications Transformation Platform

The Communications Transformation Platform enables you to provide the services your customers demand - faster, cheaper and with less risk.
 

Global Change in the TV Industry

Capgemini and MediaXchange have captured key insight to the change across the TV industry.
 

5 Key Requirements of Quality Power

What your IT equipment needs from a UPS: The top five requirements that define "quality power" in the eyes of the power supplies in your IT systems.
 

The Gartner Magic Quadrant for IT PPM Applications

This report evaluates 19 vendors on their ability to execute and completeness of vision.
 

Best Practices to Mitigate Risk

Make SOX Efforts More Effective
 

Keep Your CMDB On Course

Learn how configuration drift can challenge configuration management database integrity.
 

WEBCASTS

Managing Client Systems in the Enterprise

Keeping client systems costs under control is just one of the many initiatives IT must address when trying to manag...
 

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs
 

Webcast with Dan Vesset: Investing in Business Analytics Technology

What exactly is business analytics and why should you care? Dan Vesset of IDC and Gaurav Verma of SAS answer this a...
 

Capitalize on Your SAP Content

After 18 years of partnership and over 3,000 successful customer deployments, Open Text has become SAP's premier pa...
 

Enterprise Cloud Computing: Ready for Primetime?

The progression toward enterprise cloud computing is happening today, as industry leaders deploy technologies that ...
 

BSM in the Field, Practical Insights from Peter Armaly

Have you thought about BSM, but haven't quite gotten the buy-in you need? Get down and dirty with BSM installations...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Taking the Service Desk to the Next Level

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

Learn how to save 30% through project & portfolio management.

5 Steps to Automating Accounts Payable

BPM Survey Results: The Real-World Analysis

Ready to Act: 3 Recommendations for Agile Processes

Achieving Business Agility with Application Grid

Next Generation Enterprise Applications

Achieving Pervasive Performance Management

Smart Decisions: The Role of Key Performance Indicators

The Link Between Effective Online Business Banking and Web 2.0

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

Introducing the new HP ProLiant G6 server family

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Accenture IT Consulting: Logical meets technological. More . . .

The Fraudster Economy Model: Operating a Business in the Underground

Why Data Loss is Increasing--and What You Can Do About It

Learn how to managing client systems in the enterprise.

Build a High-Performance Open Web Platform

How Interactive Viewer Reduces the Effort to Meet Visualization Requirements

Stop Application Fraud at the Source with Device Reputation

Building the Virtualized Enterprise with VMware Infrastructure

The Global Marketplace Today: Strategies for Tough Times

Top 10 Business and IT Drivers for the Wealth Management Sector

8 Key Ingredients to Building an Internal Cloud

BPM: Leveraging Competencies and Streamlining Processes to Achieve Operational Excellence

White Paper: The Building Blocks for Cloud Computing

Craft a Strategy to Lower Your Total Cost of Ownership

A Natural User Interface for Enterprise Applications

Delivering Secure and Reliable Data through Spreadsheet Automation

Financial Institutions Need Rich Internet Applicatons

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Insight makes it easy to spend your Microsoft subsidy check.

Five minute business analytics assessment. Immediate results.

Dangerous Collaboration Practices: 5 Ways IT Can Minimize Risk

Accenture: Outsourcing for uncertain times. Click to learn more.

Keep online transactions fast with CA Wily APM