Banner
  Site Search

Contact ETA | MyETA | About ETA
Home
About ETA
Join ETA
Events
News
Information Resources
Education
Advocacy
Media Relations
Contact Us
ETA Forums
My ETA
Advanced Search
Quick Links

TJX Breach Details Revealed PDF Print E-mail
Attorneys suing retailer TJX have added to their original complaint, relying on newly discovered details regarding the company’s widely reported security breach.

In a news story in E-Week, it was revealed that TJX failed to comply with nine of 12 applicable PCI requirements and that the data thief managed to walk away with 80 gigabytes of data on TJX customers.


Other revelations:
  • Many of the TJX violations were "high-level deficiencies," according to a TJX consultant.
  • In May 2006, a traffic capture/sniffer program was installed on the TJX network by the data thief, and remained undetected for seven months.
  • TJX knew of the security problems as early as 2004. But took no action.
  • The data breach affected more than 100 million credit and debit card account numbers.
  • Visa and MasterCard have fined TJX. Visa said it issued "a substantial fine" in connection with the TJX data breach, but the amounts of the fines were not disclosed.
Among the security issues at TJX:
  • An improperly configured wireless network;
  • Failure to isolate cardholder data devices from the rest of network traffic;
  • Failure to properly manage the systems used to store, process and transmit cardholder data;
  • Storing prohibited cardholder data;
  • Using usernames and passwords "that were easy to penetrate"; and
  • Weak or non-existent security software and systems.
The most damning allegation in the new court filings are charges that TJX new about the  security problems and failed to disclose or remedy those problems, conduct which might increase the company’s liability under the law.

ETA Members Only
Login here to access your member information, membership status and member-only content.
Banner
Upcoming Events

Compliance Day

April 13, 2010

Mandalay Bay Resort & Casino

Las Vegas, NV

Investment Community Forum

April 13, 2010

Mandalay Bay Resort & Casino

Las Vegas, NV

 

Prepaid Day

April 13, 2010

Mandalay Bay Resort & Casino

Las Vegas, NV

 

2010 ETA Annual
Meeting & Expo
April 13-15, 2010

Mandalay Bay Resort & Casino

Las Vegas, NV

 

Strategic Leadership Forum: The Future of Payments, Today

October 26-28, 2010

The Breakers

Palm Beach, FL

2010 Annual Meeting
exhibhall

2010 Annual Meeting Exhibitor Information is Here!

If you're planning to join the leading companies in the  payments business in the ETA Annual Meeting exhibiton hall next April, now is the time to reserve your space and make your plans. Everything you need is  here .

 

 

Electronic Transactions Association
1101 16th Street NW Washington, DC 20036
Toll Free: 800.695.5509 Tel: 202.828.2635

Privacy Statement | Antitrust Laws & Trade Associations
© 2008 ETA The Electronic Transactions Association. All rights reserved.