[Dataloss] TJX breach shows that encryption can be foiled

James Ritchie, CISA, QSA james_ritchie at sbcglobal.net
Tue Apr 3 19:54:03 UTC 2007


FTC settlements

http://www.ftc.gov/opa/2006/02/cardsystems_r.htm

http://www.ftc.gov/opa/2006/01/choicepoint.htm

Donald Aplin wrote:
> Section 5 of the FTC Act does NOT provide for any fines against
> companies for data security breaches.  CardSystems was not fined a
> penny in the settlement with FTC, nor was DSW in its settlement,
> nor BJ's before that.The presence of an independent  Fair Credit
> Reporting Act claim in the ChoicePoint action allowed for the
> imposition of a $10 million fine.
>
>
> Donald G. Aplin Legal Editor BNA's Privacy & Security Law Report
> (202) 452-4688
>
> _______________________________________________ Dataloss Mailing
> List (dataloss at attrition.org) http://attrition.org/dataloss
> Tracking more than 203 million compromised records in 609 incidents
> over 7 years.
>

-- 
James Ritchie
MCSE, MCP+I, M-CIW-D, CIW-CI, Inet+, Network+, A+

Attachments with this email, not explicitly referenced, should not be
opened. Always scan your email and their associated attachments for
viruses prior to opening.

This message and any accompanying documents are confidential and may
contain information covered under the Privacy Act, 5 USC 552(a), the
Health Insurance Portability and Accountability Act (PL 104-191), or
the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and its
various implementing regulations and must be protected in accordance
with those provisions. Unauthorized disclosure or failure to maintain
the confidentiality of the information may result in civil or criminal
sanctions.

This e-mail is strictly confidential and intended solely for the
addressee. Should you not be the intended addressee you have no right
to any information contained in this e-mail. If you received this
message by mistake you are kindly requested to inform us of this and
to destroy the message.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20070403/55990475/attachment.html 


More information about the Dataloss mailing list