funsec mailing list archives
Inadequate security safeguards led to TJX breach, Commissioners say
From: <rms () computerbytesman com>
Date: Tue, 25 Sep 2007 11:47:33 -0400
http://www.newswire.ca/en/releases/archive/September2007/25/c4626.html

Inadequate security safeguards led to TJX breach, Commissioners say

OTTAWA, Sept. 25 /CNW Telbec/ - The risk of a breach of sensitive personal information held by TJX Companies Inc., the US parent company of Winners and HomeSense stores in Canada, was foreseeable, but the company failed to put in place adequate security safeguards, an investigation by the Privacy Commissioners of Canada and Alberta has found.

"The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it - putting the privacy of millions of its customers at risk," says Privacy Commissioner of Canada Jennifer Stoddart.

"Criminal groups actively target credit card numbers and other personal information," says Commissioner Stoddart. "A database of millions of credit card numbers is a potential goldmine for fraudsters and it needs to be protected with solid security measures.

"The TJX breach is a dramatic example of how keeping large amounts of sensitive information - particularly information that is not required for business purposes - for a long time can be a serious liability."

- TJX did not properly manage the risk of an intrusion against the amount of customer data that it collected.
- The company failed to act quickly in converting from a weak encryption standard to a stronger standard. The conversion process took two years to complete, during which time the breach occurred.
- TJX did not meet its duty to monitor its computer systems vigorously. An adequate monitoring system should have alerted the company of an intrusion prior to December 2006.
- The company did not adhere to the requirements of the Payment Card Industry Data Security Standard, which was developed to address the growing problem of credit card data theft.