[ISN] DSW to beef up computer security in US settlement

[InfoSec News]

http://www.localnewsleader.com/brocktown/stories/news-00107611.html

Staff and agencies
03 December, 2005

WASHINGTON - Shoe retailer DSW Inc. (NYSE:DSW - news) agreed to beef
up its computer security to settle U.S. charges that it did not
adequately protect customers' credit cards and checking accounts, the
Federal Trade Commission said on Thursday.

DSW said this spring that identity thieves had gained access to debit
card, credit card and checking account information of more than 1.4
million customers, one of a string of such security breaches announced
by U.S. companies this year.

Identity thieves have generated fraudulent activity on some of those
accounts, resulting in out-of-pocket charges for some customers, the
FTC said.

The FTC said the company engaged in an unfair business practice
because it created unnecessary risks by storing customer information
in an unencrypted manner without adequate protection.

As part of the settlement, DSW set up a comprehensive data-security
program and will undergo audits every two years for the next 20 years.

DSW operates approximately 190 stores in 32 states. It had been a
subsidiary of Retail Ventures Inc. (NYSE:RVI - news) until June, when
it was spun off in an initial public offering.

DSW issued a statement on Thursday saying it did not agree with all
the allegations made by the FTC. But it said the settlement "validates
the importance we place on security and brings closure to this
matter."

The company has said information was stolen from 108 stores. The
transaction information stolen involved 1.4 million credit cards and
96,000 checks.

Other companies to report such problems include Bank of America Corp.  
(NYSE:BAC - news) and ChoicePoint Inc. (NYSE:CPS - news), where the
thefts involved thousands of individuals' data.