BJ's Settles Data Protection Case

BJ's Wholesale Club agreed to implement new data security measures after millions in illegal purchases were made using credit and debit cards that consumers had used at BJ's stores, the Federal Trade Commission said yesterday.

Banks have reissued thousands of cards and filed lawsuits against BJ's that, as of May, amounted to $13 million in claims, according to the FTC. Under the settlement with the FTC, BJ's security must be inspected by an independent security outfit every other year for the next 20 years.

BJ's collected names, card numbers and expiration dates from cards used to make purchases at its stores, the FTC said. It then stored data for up to 30 days in violation of bank rules, allowed the data to be accessed with known default IDs and passwords, failed to encrypt the data when it was stored or transmitted and failed to prevent unauthorized wireless connections to its networks, according to the FTC.

Scott Hovanyetz covers telemarketing, production and printing and direct response TV marketing for DM News and To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting

Related Posts