BreachExchange mailing list archives
follow-up: TJX Assents to Audits Of Data-Security System
From: security curmudgeon <jericho () attrition org>
Date: Fri, 28 Mar 2008 16:59:41 +0000 (UTC)
---------- Forwarded message ---------- From: Richard M. Smith <rms () computerbytesman com> In a press release, TJX, of Framingham, Mass., said it disagreed with the allegations in the FTC complaint, noting that prior to the breach, the company's data security "was similar to that of many major retailers." http://online.wsj.com/article/SB120664225435369131.html?mod=todays_us_marketplace TJX Assents to Audits Of Data-Security System By JOSEPH PEREIRA March 28, 2008 TJX <http://online.wsj.com/quotes/main.html?type=djn&symbol=tjx> Cos., which last year disclosed a major data-security breach, agreed to have its systems that safeguard customers' credit-card data audited every other year for the next two decades under a settlement with the Federal Trade Commission. The FTC said the discount retailer failed to take "readily available security measures" to protect its customers' data, allowing an intruder to gain access to tens of millions of credit cards and the personal information of 455,000 consumers. "Banks have claimed that tens of millions of dollars in fraudulent charges have been made on the cards and millions of cards have been cancelled and reissued," the FTC said. Financial penalties aren't part of the agreement. The FTC has yet to receive authority from Congress to assess fines, despite multiple petitions. The agency chastised the retailer for not encrypting the data, establishing firewalls, using complex passwords or regularly updating antivirus software to make it difficult for hackers to steal customers' financial data. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: TJX Assents to Audits Of Data-Security System security curmudgeon (Mar 28)