TELECOM Digest OnLine - Sorted: TJX Breach Shows that Encryption Can be Foiled



Monty Solomon (monty@roscom.com)
Sat, 31 Mar 2007 09:38:56 -0400

By Ross Kerber, Globe Staff | March 31, 2007
The Boston Globe

Encryption alone is no panacea for threats to consumer data,
according to specialists who say the technology's limit can be seen
in the problems reported by TJX Cos. of Framingham.

The notion of using complex math formulas to scramble electronic
information is gaining steam as a way to protect individuals'
privacy, an area of growing concern for retailers and banks as data
thefts become more brazen.

But recent details to emerge on how hackers accessed the parent of
stores including T.J. Maxx and Marshalls show how encryption can be
defeated by clever thieves -- and suggest the breach may have been an
inside job.

A securities filing by TJX on Wednesday disclosed that the incident
may have compromised more than 45 million credit and debit card
numbers, the most in any single incident. In the filing, TJX also
stated that "we believe that the intruder had access to the
decryption tool for the encryption software utilized by TJX."

TJX spokeswoman Sherry Lang declined to elaborate on the document,
but outside security consultants say the language hints that a
company employee or contractor, or someone known by an employee or
contractor, was able to gain access to TJX's computers and obtain the
formula needed to unscramble data.

http://www.boston.com/business/globe/articles/2007/03/31/tjx_breach_shows_that_encryption_can_be_foiled/
