[Dataloss] TJX breach shows that encryption can be foiled

lyger lyger at attrition.org
Sun Apr 1 18:10:31 UTC 2007


http://www.boston.com/business/globe/articles/2007/03/31/tjx_breach_shows_that_encryption_can_be_foiled/

Encryption alone is no panacea for threats to consumer data, according to 
specialists who say the technology's limit can be seen in the problems 
reported by TJX Cos. of Framingham.

The notion of using complex math formulas to scramble electronic 
information is gaining steam as a way to protect individuals' privacy, an 
area of growing concern for retailers and banks as data thefts become more 
brazen.

But recent details to emerge on how hackers accessed the parent of stores 
including T.J. Maxx and Marshalls show how encryption can be defeated by 
clever thieves -- and suggest the breach may have been an inside job.

A securities filing by TJX on Wednesday disclosed that the incident may 
have compromised more than 45 million credit and debit card numbers, the 
most in any single incident. In the filing, TJX also stated that "we 
believe that the intruder had access to the decryption tool for the 
encryption software utilized by TJX."

[...]

