A US Federal Trade Commission (FTC) official confirmed it has launched an investigation into TJX Companies, parent to UK discount retailer T.K. Maxx, which earlier this year announced it had suffered a massive data breach.
The FTC official would offer no more information about the investigation, adding that the agency's investigations are "non-public." However, she said that TJX has publicly announced the investigation, so the agency could confirm it.
US-based TJX first announced the breach in January, alerting customers via a letter posted on its website that intruders broke into the company's network and gained access to personal and financial customer data.
In a separate statement issued at the same time, the company said it believed the break-in to its systems that process credit and debit card purchases and returns for its T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright stores in the United States was discovered in mid-December of 2006, but probably occurred in May of that year.
In February, TJX announced that further investigation into the breach showed intruders gained access as much as a year earlier than originally thought, and added customers in the UK and Ireland to list of those whose information may have been exposed.
In February, Massachusetts Attorney General Martha Coakley announced she would lead a multi-state civil investigation to discover what security measures TJX had taken before the breach occurred.
TJX has not yet reported how many customers may be affected by the data breach, though observers estimate tens of millions of credit and debit cards are vulnerable.
The company did not return calls seeking comment on Wednesday.