[Dataloss] Report on TJX breach expected today
Avery Sawaba
avery.sawaba at gmail.com
Tue Sep 25 15:17:07 UTC 2007
I was on the teleconference call, but hit *1 too late to ask my
question. Reading the report that Chris sent the link to, one of the
big questions that stood out was that, although they explain that
wireless networks were upgraded to WPA in September 2005 to fix the
WEP security issue, they don't explain how the intruders continued to
access their networks even after the "locks were changed". Most of the
comments were Canadian specific, but a lot of American journalists
were on the line asking questions.
The only thing I heard that was truly new news to me was that the
breach originated at two Marshalls stores in Miami. I still have to
wonder whether or not all the intrusions were through the same stores
via the same methods though, and I can't help but doubt it.
--Sawaba
On 9/25/07, lyger <lyger at attrition.org> wrote:
>
> http://www.boston.com/business/globe/articles/2007/09/25/report_on_tjx_breach_expected_today/
>
> Two Canadian privacy agencies are expected to release today the results of
> a joint investigation into the security breach at TJX Cos. in which
> hackers stole more than 45.7 million credit and debit card numbers.
>
> The Privacy Commissioner of Canada and the Information and Privacy
> Commissioner of Alberta are expected to summarize their findings into how
> intruders breached the computer system using wireless technology outside
> of a Marshalls store in the United States, according to privacy officials
> briefed on the report.
>
> The Canadian groups report also includes recommendations for TJX to better
> protect its systems. The report is expected in Montreal on the opening day
> of the 29th International Conference of Data Protection and Privacy
> Commissioners.
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml
>
More information about the Dataloss
mailing list