Thoughts about Tjx

Tjx

Just when you thought the TJX data breach couldn’t get any uglier, it does. In documents filed with the court last week, a group of New England banks claim that the clue-challenged retailer had 94 million credit card numbers stolen by hackers — or more than double the previous number TJX had claimed. 1

While details are still sketchy, TJX said unauthorized software placed on its computer systems stole at least 100 files containing data on millions of accounts from systems that process and store transaction information in Framingham and Watford, United Kingdom. Moreover, TJX believes the hackers last year had the capability to steal payment card data from its Framingham system as transactions were being approved. Even the files TJX tried to protect through encryption may have been compromised because the company believes the hackers had access to the decryption tool. 2


But this was no ordinary scam. It was part of a sophisticated operation that started with the theft of credit card data on 45.7 million customers of TJX - parent company (TJX) of retailers T.J. Investigators believe it is the boldest tangible evidence of criminals cashing in on hacked data from TJX - the nation’s largest reported computer data breach, which TJX disclosed in January. 3

TJX is the owner of stores such as TJ Maxx, Marshalls and Bob’s Stores. In January, the company announced that someone had illegally accessed one of its payment systems and made off with card data belonging to an unspecified number of customers in the U.S., Canada, Puerto Rico as well as potentially the U.K. 4

When TJX first disclosed its data breach in January, the retailer came under heavy criticism for what many considered a sloppy response. The company didn’t disclose the breach until a month after it was first discovered, and few accepted its explanation that investigators recommended the period of silence. 5

Meanwhile, a second report on the TJX breach investigation is expected to be released by U.S. investigators early next year. In a report issued by Canadian privacy officials released in September, TJX was criticized for collecting far too much consumer data for far too long while failing to upgrade its Wi-Fi security to the stronger WPA encryption protocol. 6

The ongoing investigation found that intruders, in fact, gained access to the company’s systems as far back as July 2005 and “on various subsequent dates in 2005.” Similarly, payment card data involving transactions over an 18-month period between January 2003 and June 2004 has also been compromised — as well as more driver’s license information than previously thought, the company said. Until now, TJX was only able to confirm the compromise of data involving transactions in 2005 and for the period between May 2006 and Dec. 2006. 7

The lesson from the TJX and Reed Elsevier settlements is clear. The cost of preventing the security breaches was disproportionately small compared with the scale of the liability the companies now face. Prudent businesses should therefore take heed and should perform regular security audits to ensure that they are following information security best practices. 8

When a breach like this happens, is the company legally obligated to inform those who may have had their information compromised? If so, how the hell do you do that with 45 million people? 9
