BreachExchange mailing list archives

Re: Report on TJX breach expected today

From: "Avery Sawaba" <avery.sawaba () gmail com>
Date: Tue, 25 Sep 2007 11:17:07 -0400

I was on the teleconference call, but hit *1 too late to ask my
question. Reading the report that Chris sent the link to, one of the
big questions that stood out was that, although they explain that
wireless networks were upgraded to WPA in September 2005 to fix the
WEP security issue, they don't explain how the intruders continued to
access their networks even after the "locks were changed". Most of the
comments were Canadian specific, but a lot of American journalists
were on the line asking questions.

The only thing I heard that was truly new news to me was that the
breach originated at two Marshalls stores in Miami. I still have to
wonder whether or not all the intrusions were through the same stores
via the same methods though, and I can't help but doubt it.

--Sawaba

On 9/25/07, lyger <lyger () attrition org> wrote:


http://www.boston.com/business/globe/articles/2007/09/25/report_on_tjx_breach_expected_today/

Two Canadian privacy agencies are expected to release today the results of
a joint investigation into the security breach at TJX Cos. in which
hackers stole more than 45.7 million credit and debit card numbers.

The Privacy Commissioner of Canada and the Information and Privacy
Commissioner of Alberta are expected to summarize their findings into how
intruders breached the computer system using wireless technology outside
of a Marshalls store in the United States, according to privacy officials
briefed on the report.

The Canadian groups report also includes recommendations for TJX to better
protect its systems. The report is expected in Montreal on the opening day
of the 29th International Conference of Data Protection and Privacy
Commissioners.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

Current thread:

Report on TJX breach expected today lyger (Sep 25)
- Re: Report on TJX breach expected today Chris Walsh (Sep 25)
- Re: Report on TJX breach expected today Avery Sawaba (Sep 25)