[Dataloss] follow-up: TJX's Security System Faulted in Canada Probe
security curmudgeon
jericho at attrition.org
Thu Sep 27 06:24:31 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://online.wsj.com/article/SB119076398490039298.html
By Joseph Pereira
September 26, 2007
TJX Cos., owner of the T.J. Maxx and Marshalls discount chains, failed to
upgrade its data-encryption system in time to thwart one of the largest
credit-card data thefts in North America, a Canadian government
investigation found.

Investigators also found that the Framingham, Mass.-based retailer was
holding on to its customers' personal information unnecessarily and for
too long, exposing data on at least 45.7 million credit-card numbers to
hackers.

As a result of their findings, the privacy commissioners of Canada and the
province of Alberta -- which jointly conducted the seven-month probe --
recommended a number of corrective actions by TJX, including the use of a
sophisticated coding system to protect driver's-license information and
the deletion of all credit-card data after 18 months.

"Basically, what we're asking for is standard practice in the industry,"
said Wayne Wood, a spokesman for the Office of the Information and Privacy
Commissioner of Alberta.
[..]