TJX-gate Continues - 45.7 Million Card Numbers Stolen, Encryption Compromised?
Can you imagine a worse PR nightmare for a company than the TJX data breach fiasco? Just when it looks like the story is finally dying down, the company reveals more details that make the breach look even worse than we already suspected. More news came out yesterday that the scope of the breach reached 45.7 million credit cards. According to Topix.net:
TJX Cos., the owner of about 2,500 retail stores, including T.J. Maxx, Marshalls and HomeSense, said in a regulatory filing late Wednesday that about three-quarters of those cards had either expired at the time of the theft, or data from their magnetic strips had been masked - stored as asterisks rather than numbers.
Not so bad, right? Wrong - read on.
The kicker in this story is that TJX still doesn't have a good handle on exactly what happened. In fact, the encryption software that masked some of the data may have been compromised:
But TJX acknowledged it still knows little about the full scope of the breach, in part because the hacker or hackers accessed TJX's encryption software and could have known how to unscramble the information.
Could it get any worse? The company reportedly stored data in violation of credit card industry standards, may not have adequately protected its encryption software (the equivalent of leaving your house key under the doormat), and allowed the breach to continue for over 18 months before doing anything about it. And oh yeah, there are those shareholder lawsuits.
This is beginning to remind me of a story about a break-in followed by the slow trickle of details that eventually ended disastrously for the participants: Watergate.



