BreachExchange mailing list archives
Government Stops Shielding Corporate Breach 'Victims'
From: security curmudgeon <jericho () attrition org>
Date: Wed, 31 Mar 2010 01:54:55 +0000 (UTC)
http://www.wired.com/threatlevel/2010/03/sunshine/ Government Stops Shielding Corporate Breach .Victims. By Kevin Poulsen and Kim Zetter March 30, 2010 | 1:17 pm For the past few months, national retailer J.C. Penney has been fighting an under-seal court battle to keep you from knowing that its payment card network was breached by U.S. and Eastern European hackers. The intrusions, by TJX hacker Albert Gonzalez and his overseas accomplices, occurred beginning in October 2007. J.C. Penney admits it was .wholly unaware. of the breach until the Secret Service told the company about it in May 2008, but now says with certitude that no identity or bank-card data was stolen in the breach it failed to detect. That.s why the company didn.t want to be identified to the public, says spokeswoman Darcie Brossart .Because there was no reason to think that the hackers were successful, there was no need to alarm J.C. Penney customers,. says Brossart, .We believed we had a legitimate interest in not being linked to criminal activity that resulted in major thefts from other companies.. So in court filings, J.C. Penney argued that it was entitled to anonymity under the 2004 Crime Victims. Rights Act, a law intended to protect the .dignity and privacy. of victims. A federal judge on Friday ordered the company.s identity unsealed anyway, as well as that of a second breached company, clothing retailer Wet Seal. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Government Stops Shielding Corporate Breach 'Victims' security curmudgeon (Apr 01)