funsec mailing list archives
[privacy] TJX Intruder Moved 80-GBytes Of Data And No One Noticed
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Fri, 26 Oct 2007 02:33:33 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via StorefrontBacktalk. [snip] Citing new information about the TJX data breach, attorneys suing the clothing retail chain amended their complaints on Thursday and wants a jury to evaluate TJX's security professionalism. New details that emerged from documents filed in federal court Thursday include: A TJX consultant found that not only was TJX not PCI-compliant, but that it had failed to comply with nine of the 12 applicable PCI requirements. Many were "high-level deficiencies," the consultant said. "After locating the stored data on the TJX servers, the intruder used the TJX high-speed connection in Massachusetts to transfer this data to another site on the Internet" in California. More than "80 GBytes of stored data improperly retained by TJX was transferred in this manner. TJX did not detect this transfer." In May 2006, a traffic capture/sniffer program was installed on the TJX network by the cyber thieves, where it remained undetected for seven months, "capturing sensitive cardholder data as it was transmitted in the clear by TJX." [snip] Astounding. More: http://storefrontbacktalk.com/story/102507tjxrevisedcomplaint - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHIVH5q1pz9mNUZTMRAvaHAJ9c2hH2f5MoXpcE5mlCw1ogCTCUCQCg/EAU dYHJFOX2X5hoT9DILIMNbBM= =z175 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] TJX Intruder Moved 80-GBytes Of Data And No One Noticed Paul Ferguson (Oct 25)
- Re: [privacy] TJX Intruder Moved 80-GBytes Of Data And No One Dr. Neal Krawetz (Oct 26)