[Dataloss] follow-up: TJX e-mails tell the tale
security curmudgeon
jericho at attrition.org
Thu Nov 29 07:41:19 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://news.bostonherald.com/business/general/view.bg?articleid=1047504
By Donna Goodison
November 28, 2007
Executives at TJX Cos., which in January revealed a massive security
breach that put millions of its customers personal information at risk,
knew two years ago that the companys wireless payment network was
vulnerable to attack, according to court documents.
In 2005, TJX officials also discussed the need to update the companys
wireless network security to a more secure WiFi protected access (WPA)
system and whether it could be deferred to save money, according to e-mail
exchanges between TJX employees. The e-mails were included in court
documents filed in a lawsuit brought by a group of banks against TJX.
The security breach, the nations largest, began in mid-2005 and was
discovered by TJX in late 2006. TJX has since been accused of failing to
safeguard customers information and faces a myriad of lawsuits. Canadian
officials who conducted their own investigation said criminals hacked into
TJXs wireless networks while outside two Marshalls stores in Miami.
The e-mails reveal TJX executives concerns about the network.
[..]
More information about the Dataloss
mailing list