DSW Decides FTC Security Shoe Fits

National shoe discounter settles FTC charges that it failed to protect customer data.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

Posted December 2, 2005

Roy Mark

The other shoe fell today for DSW, the national footwear discounter that admitted in March that hackers accessed more than three months' worth of customer data.

In a settlement with the Federal Trade Commission (FTC), DSW agreed to implement a comprehensive security plan and to obtain independent audits by a third-party security firm every other year for 20 years.

The security program must include administrative, technical and physical safeguards.

Until at least March of this year, the FTC claims, DSW engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for sensitive customer information.

The FTC said DSW's failure to secure customers' sensitive data constituted an unfair trade practice, because it caused substantial injury that was not unreasonably avoidable by consumers. The FTC further charged that offsetting benefits to consumers, such as credit, debit and check approvals, did not outweigh the consumer injuries.

According to the FTC, the DSW security lapse compromised 1.4 million customer credit and debit cards and 96,000 checking accounts. The FTC said that there have been fraudulent charges on some of the compromised accounts.

The FTC said DSW's exposure for losses related to the breach ranges from $6.5 million to $9.5 million.

As outlined in the FTC complaint, DSW uses computer networks to obtain authorization for credit card, debit card and check purchases at its stores and to track inventory. Columbus, Ohio-based DSW operates approximately 190 stores in 32 states. In 2004, the company generated $961 million in net sales and sold approximately 23.7 million pairs of shoes.

This article was first published on InternetNews.com. To read the full article, click here.

Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.