follow-up: TJX e-mails tell the tale

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.bostonherald.com/business/general/view.bg?articleid=1047504

By Donna Goodison
November 28, 2007

Executives at TJX Cos., which in January revealed a massive security 
breach that put millions of its customers personal information at risk, 
knew two years ago that the companys wireless payment network was 
vulnerable to attack, according to court documents.

In 2005, TJX officials also discussed the need to update the companys 
wireless network security to a more secure WiFi protected access (WPA) 
system and whether it could be deferred to save money, according to e-mail 
exchanges between TJX employees. The e-mails were included in court 
documents filed in a lawsuit brought by a group of banks against TJX.

The security breach, the nations largest, began in mid-2005 and was 
discovered by TJX in late 2006. TJX has since been accused of failing to 
safeguard customers information and faces a myriad of lawsuits. Canadian 
officials who conducted their own investigation said criminals hacked into 
TJXs wireless networks while outside two Marshalls stores in Miami.

The e-mails reveal TJX executives concerns about the network.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml