Banner

 
   
         
Home
About ETA
Join ETA
Events
News
Information Resources
Education
Advocacy
Media Relations
Payments Marketplace
Contact Us
MyETA
Advanced Search
Banner
Follow ETA

TJX Breach Details Revealed PDF Print E-mail
Attorneys suing retailer TJX have added to their original complaint, relying on newly discovered details regarding the company’s widely reported security breach.

In a news story in E-Week, it was revealed that TJX failed to comply with nine of 12 applicable PCI requirements and that the data thief managed to walk away with 80 gigabytes of data on TJX customers.


Other revelations:
  • Many of the TJX violations were "high-level deficiencies," according to a TJX consultant.
  • In May 2006, a traffic capture/sniffer program was installed on the TJX network by the data thief, and remained undetected for seven months.
  • TJX knew of the security problems as early as 2004. But took no action.
  • The data breach affected more than 100 million credit and debit card account numbers.
  • Visa and MasterCard have fined TJX. Visa said it issued "a substantial fine" in connection with the TJX data breach, but the amounts of the fines were not disclosed.
Among the security issues at TJX:
  • An improperly configured wireless network;
  • Failure to isolate cardholder data devices from the rest of network traffic;
  • Failure to properly manage the systems used to store, process and transmit cardholder data;
  • Storing prohibited cardholder data;
  • Using usernames and passwords "that were easy to penetrate"; and
  • Weak or non-existent security software and systems.
The most damning allegation in the new court filings are charges that TJX new about the  security problems and failed to disclose or remedy those problems, conduct which might increase the company’s liability under the law.

ETA Members Only
Login to access:
member information
membership status
member-only content
Upcoming Events

Compliance Day

September  21, 2010
Orlando, FL
 
breakers_sm
 

October 26-28, 2010
The Breakers
Palm Beach, FL

 
sandiego
 

May 10-12, 2011
San Diego, CA
Expo Information
Available Now!

expert_sm

 

Electronic Transactions Association Toll Free: 800.695.5509
1101 16th Street NW Washington, DC 20036 Tel: 202.828.2635
Privacy Statement | Antitrust Laws & Trade Associations
© 2010 ETA The Electronic Transactions Association. All rights reserved.