BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

follow-up: TJX Assents to Audits Of Data-Security System

From: security curmudgeon <jericho () attrition org>
Date: Fri, 28 Mar 2008 16:59:41 +0000 (UTC)


---------- Forwarded message ----------
From: Richard M. Smith <rms () computerbytesman com>

In a press release, TJX, of Framingham, Mass., said it disagreed with the 
allegations in the FTC complaint, noting that prior to the breach, the 
company's data security "was similar to that of many major retailers."

http://online.wsj.com/article/SB120664225435369131.html?mod=todays_us_marketplace


TJX Assents to Audits Of Data-Security System
By JOSEPH PEREIRA
March 28, 2008

TJX <http://online.wsj.com/quotes/main.html?type=djn&symbol=tjx> Cos., 
which last year disclosed a major data-security breach, agreed to have its 
systems that safeguard customers' credit-card data audited every other 
year for the next two decades under a settlement with the Federal Trade 
Commission.

The FTC said the discount retailer failed to take "readily available 
security measures" to protect its customers' data, allowing an intruder to 
gain access to tens of millions of credit cards and the personal 
information of 455,000 consumers.

"Banks have claimed that tens of millions of dollars in fraudulent charges 
have been made on the cards and millions of cards have been cancelled and 
reissued," the FTC said.

Financial penalties aren't part of the agreement. The FTC has yet to 
receive authority from Congress to assess fines, despite multiple 
petitions.

The agency chastised the retailer for not encrypting the data, 
establishing firewalls, using complex passwords or regularly updating 
antivirus software to make it difficult for hackers to steal customers' 
financial data.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
Previous By Date Next
Previous By Thread Next

Current thread: