BreachExchange mailing list archives
follow-up: One year later: Five takeaways from the TJX breach
From: security curmudgeon <jericho () attrition org>
Date: Fri, 18 Jan 2008 07:34:18 +0000 (UTC)
---------- Forwarded message ----------

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9057758

By Jaikumar Vijayan
January 17, 2008
Computerworld

One year ago today, The TJX Companies Inc. disclosed what has turned out to be the largest information security breach involving credit and debit card data -- thus far, at least.

The data compromise at the Framingham, Mass.-based retailer began in mid-2005, with system intrusions at two Marshalls stores in Miami via poorly protected wireless LANs. The intruders who broke into TJX's payment systems remained undetected for 18 months, during which time they downloaded a total of 80GB of cardholder data.

TJX eventually said that 45.6 million card numbers belonging to customers in multiple countries were stolen from its systems. Even that number may be far too low: a group of banks that is suing the retailer claimed in an October court filing that information about 94 million cards was exposed during the serial intrusions.

The sheer size of the data theft puts TJX in a league of its own among companies hit by such incidents, and the breach has made it something of a poster child for sloppy data security practices among retailers. In addition, the breach highlighted several familiar issues and some not-so-familiar ones.

Here, on the one-year anniversary of the breach becoming known, are five takeaways for security managers:

[..]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss