BreachExchange mailing list archives

follow-up: The TJX Effect (fwd)


From: security curmudgeon <jericho () attrition org>
Date: Mon, 13 Aug 2007 12:46:07 +0000 (UTC)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/showArticle.jhtml?articleID=201400171

By Larry Greenemeier
InformationWeek
August 11, 2007

TJX will be glad when this year is over. The $17 billion-a-year parent 
company of T.J. Maxx, Marshall's, and several other discount retail chains 
has spent the past eight months dealing with the largest breach of 
customer data in U.S. history, the details of which are starting to come 
to light.

Last December, TJX says it alerted law enforcement that data thieves had 
made off with more than 45 million customer records. Since that time, at 
least one business, Wal-Mart, has lost millions of dollars as a result of 
the theft, while TJX has spent more than $20 million investigating the 
breach, notifying customers, and hiring lawyers to handle dozens of 
lawsuits from customers and financial institutions. Should TJX lose in the 
courts, it could be on the hook for millions more in damages.

But there's an even broader TJX Effect: The data breach, which actually 
took place over a period of years, has put the entire retail industry on 
the defensive and stirred up demands for all businesses that handle 
payment card information to do a better job of protecting it. Legislators 
are invoking TJX's name to fast-track data-security bills.

Few details of the TJX debacle have been made public by the company or 
investigators. As recently as June, TJX said in a regulatory filing that 
it didn't know "who took this action, whether there were one or more 
intruders involved, or whether there was one continuing intrusion or 
multiple, separate intrusions." Still, important details can be gleaned 
from internal and external sources.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
