Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: security curmudgeon (jerichoattrition.org)
Date: Tue Sep 11 2007 - 03:26:00 CDT
---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>
Posted by Richard Stiennon
September 9th, 2007
Repercussions from the biggest reported data breach incident in history
are still being felt. Last months arrest of a dealer in stolen credit
cards in Istanbul is just one example of how information stolen from TJX
Companies is still being used by criminals. As I prepare for a talk I am
giving at tomorrows Security Standard event in Chicago I realize that TJX,
the holding company that owns TJ Maxx, Marshalls, and a bunch of other
retail operations is being less than transparent about the breach they
first announced last January 17.
According to TJXs official communications through their press releases and
an SEC filing they first become aware of the presence of unauthorized
software on their computer systems on December 18 and they reported it for
the first time to Federal authorities on December 22nd.
There have been several speculative articles about how the breach occurred
but never explicit descriptions from TJX. One article in the Wall Street
Journal claims that the thieves broke in via a poorly setup wireless
access point in a Marhsalls store tein St. Paul, Minnesota. Another less
circulated story is that thieves broke into multiple TJ Maxx stores via
kiosks that were kept in the back of the store for accepting job
applications. I believe that there were multiple incidents over a period
of at least four years and that TJX had such bad security procedures that
it was open season on their data by many hackers.
Question number one that I would love to hear the answer to: Exactly how
and when did these breaches occur?
Dataloss Mailing List (datalossattrition.org)
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!