BreachExchange mailing list archives
follow-up: TJX's Security System Faulted in Canada Probe
From: security curmudgeon <jericho () attrition org>
Date: Thu, 27 Sep 2007 06:24:31 +0000 (UTC)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://online.wsj.com/article/SB119076398490039298.html By Joseph Pereira September 26, 2007 TJX Cos., owner of the T.J. Maxx and Marshalls discount chains, failed to upgrade its data-encryption system in time to thwart one of the largest credit-card data thefts in North America, a Canadian government investigation found. Investigators also found that the Framingham, Mass.-based retailer was holding on to its customers' personal information unnecessarily and for too long, exposing data on at least 45.7 million credit-card numbers to hackers. As a result of their findings, the privacy commissioners of Canada and the province of Alberta -- which jointly conducted the seven-month probe -- recommended a number of corrective actions by TJX, including the use of a sophisticated coding system to protect driver's-license information and the deletion of all credit-card data after 18 months. "Basically, what we're asking for is standard practice in the industry," said Wayne Wood, a spokesman for the Office of the Information and Privacy Commissioner of Alberta. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: TJX's Security System Faulted in Canada Probe security curmudgeon (Sep 27)