BreachExchange mailing list archives
Re: TJX breach shows that encryption can be foiled
From: Dissent <Dissent () pogowasright org>
Date: Tue, 03 Apr 2007 15:09:47 -0400
Forwarded for snippage purposes. Return-Path: <james_ritchie () sbcglobal net> Message-ID: <4612A466.1070707 () sbcglobal net> Date: Tue, 03 Apr 2007 15:00:54 -0400 So was my wife. If history can tell parts of the future, I think that the next item will be a suit from the FTC for unfair business practice which will end up with 10 m fine, 5 m relief, and every other year an audit from a security specialist, for 20 years. That is what Cardservices and Choicepoint settled with the FTC last year. BTW, FTC has adopted GLBA as the standard to protect Business to consumer relationships. Sean Steele wrote:
James, You pose some interesting questions re: what other regulations TJX is likely non-compliant with -- as a public company, I'd guess their SOX 404 controls should be examined. GLBA may come into play, though they're not a finsrv company. Who is their PCI-DSS auditor and are the results of their most recent audit either able to be requested or legally discoverable outside a lawsuit? The PCI Security Standards Council is a private, non-profit organization, so FOIA can't be used to force disclosure from them, correct? FWIW, I was a victim of this breach. I had my debit card re-issued by my bank this week. It's the first one of 2007 for me ;-( -- Sean Steele, CISSP infoLock Technologies 703.310.6478 direct 202.270.8672 mobile ssteele () infolocktech com
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 203 million compromised records in 609 incidents over 7 years.
Current thread:
- Re: TJX breach shows that encryption can be foiled, (continued)
- Re: TJX breach shows that encryption can be foiled Casey, Troy # Atlanta (Apr 02)
- Re: TJX breach shows that encryption can be foiled Chris Walsh (Apr 02)
- Re: TJX breach shows that encryption can be foiled Adrian Sanabria (Apr 02)
- Re: TJX breach shows that encryption can be foiled Avery Sawaba (Apr 03)
- Re: TJX breach shows that encryption can be foiled DAIL, ANDY (Apr 03)
- Re: TJX breach shows that encryption can be foiled Sean Steele (Apr 03)
- Re: TJX breach shows that encryption can be foiled DAIL, ANDY (Apr 03)
- Re: TJX breach shows that encryption can be foiled B.K. DeLong (Apr 03)
- Re: TJX breach shows that encryption can be foiled James Childers (Apr 03)
- Re: TJX breach shows that encryption can be foiled Sean Steele (Apr 03)
- Re: TJX breach shows that encryption can be foiled Casey, Troy # Atlanta (Apr 02)
- Re: TJX breach shows that encryption can be foiled Chris Walsh (Apr 03)
- Re: TJX breach shows that encryption can be foiled Donald Aplin (Apr 03)
- Re: TJX breach shows that encryption can be foiled James Ritchie, CISA, QSA (Apr 03)
- Re: TJX breach shows that encryption can be foiled Katie Felten (Apr 03)
- Re: TJX breach shows that encryption can be foiled Dan Good (Apr 03)
- Re: TJX breach shows that encryption can be foiled B.K. DeLong (Apr 03)