TJX breach shows that encryption can be foiled

[lyger <lyger () attrition org>]

http://www.boston.com/business/globe/articles/2007/03/31/tjx_breach_shows_that_encryption_can_be_foiled/

Encryption alone is no panacea for threats to consumer data, according to 
specialists who say the technology's limit can be seen in the problems 
reported by TJX Cos. of Framingham.

The notion of using complex math formulas to scramble electronic 
information is gaining steam as a way to protect individuals' privacy, an 
area of growing concern for retailers and banks as data thefts become more 
brazen.

But recent details to emerge on how hackers accessed the parent of stores 
including T.J. Maxx and Marshalls show how encryption can be defeated by 
clever thieves -- and suggest the breach may have been an inside job.

A securities filing by TJX on Wednesday disclosed that the incident may 
have compromised more than 45 million credit and debit card numbers, the 
most in any single incident. In the filing, TJX also stated that "we 
believe that the intruder had access to the decryption tool for the 
encryption software utilized by TJX."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents over 7 years.