Massachusetts Attorney General Martha Coakley will lead a civil investigation by dozens of states into the security breach disclosed last month by The TJX Companies, the owner of T.J. Maxx and Marshalls retailers.

The state's consumer protection division is looking into the data breach, "particularly what security measures the company took to protect consumer information," Coakley's office said in a statement yesterday. A Coakley spokeswoman, Emily LaGrassa, added that more than 30 states have asked for details on the TJX investigation or expressed interest in joining the probe.

"It's pretty fluid at the moment," LaGrassa said today. "We don't have a time frame for concluding any investigation."

TJX on Jan. 17 disclosed the security breach, in which one or more hackers penetrated the company's computer network and made off with a still-unspecified number of customer records, including credit card numbers. More than three dozen banks in Massachusetts, the home state of the Framingham-based company, have reported that cards they've issued have been compromised.

Coakley characterized TJX as "very cooperative" in the investigation -- phrasing that her spokeswoman repeated. "They've been cooperative, and we continue to work with them," LaGrassa said.

A TJX spokeswoman did not immediately return a phone call requesting comment on the investigation.

"The recent TJX data breach demonstrates that Massachusetts citizens do not have all the necessary tools to protect themselves against identity theft or credit card fraud," Coakley said in her statement.

Although the attack began in May 2006, the breach was not discovered by TJX until mid-December. The company said it delayed disclosing the intrusion until January so it could contain the problem and meet confidentiality obligations to law enforcement agencies.

Fraudulent charges on stolen accounts have been reported in such far-flung places as Hong Kong and Sweden; TJX, however, has yet to confirm any direct impact. "TJX cannot address everything that others are reporting regarding the breach of our systems," the company said in an online FAQ on the break-in.

Coakley, who took office last month as Massachusetts' first female attorney general, added that her office would work with the state legislature on efforts to mitigate any repeat of the TJX breach. "There are several proposals pending, including those that would require notification of consumers when their data was stolen or released, or that would give consumers the right to place a security freeze on their credit reports," said Coakley.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports