[privacy] TJX Intruder Moved 80-GBytes Of Data And No One Noticed

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via StorefrontBacktalk.

[snip]

Citing new information about the TJX data breach, attorneys suing the
clothing retail chain amended their complaints on Thursday and wants a jury
to evaluate TJX's security professionalism.

New details that emerged from documents filed in federal court Thursday
include:

A TJX consultant found that not only was TJX not PCI-compliant, but that it
had failed to comply with nine of the 12 applicable PCI requirements. Many
were "high-level deficiencies," the consultant said.

"After locating the stored data on the TJX servers, the intruder used the
TJX high-speed connection in Massachusetts to transfer this data to another
site on the Internet" in California. More than "80 GBytes of stored data
improperly retained by TJX was transferred in this manner. TJX did not
detect this transfer."

In May 2006, a traffic capture/sniffer program was installed on the TJX
network by the cyber thieves, where it remained undetected for seven
months, "capturing sensitive cardholder data as it was transmitted in the
clear by TJX."

[snip]

Astounding.

More:
http://storefrontbacktalk.com/story/102507tjxrevisedcomplaint

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHIVH5q1pz9mNUZTMRAvaHAJ9c2hH2f5MoXpcE5mlCw1ogCTCUCQCg/EAU
dYHJFOX2X5hoT9DILIMNbBM=
=z175
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy