TJX: Data breach damage $25 million and counting

By Bill Brenner, Senior News Writer 16 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The Framingham, Mass.-based retail giant reported Tuesday that its quarterly operating profit missed Wall Street estimates by a penny. On a net basis, the company reported a 1% drop in earnings. It posted net income for the first quarter at $162.1 million, down from $163.8 million a year earlier.

TJX data security breach: TJX breach tied to Wi-Fi exploits: The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls. Banks prepare lawsuit over TJX data breach: TJX will face a lawsuit from three New England banking associations as well as individual banks. The Massachusetts Bankers Association is inviting others to join the suit. The TJX data security breach: 10-K filing shows IAM and compliance mistakes: Analysis of TJX's recent 10-K regulatory filing with the Securities and Exchange Commission exposes the company's lack of basic security and non-compliance with industry standards. Meet the PCI DSS, avoid being the next TJX: In this Q&A, Seana Pitt, chairperson of the PCI Security Standards Council, explains how PCI DSS can help companies reduce risk, and how the council is updating the standard to deal with new challenges.

During the three-month period ending April 28, TJX said it took a $12 million after-tax charge for costs to "investigate and contain the intrusion, enhance computer security and systems, and communicate with customers, as well as technical, legal, and other fees."

The company has paid a heavy price to bolster its data security procedures and respond to an increasing list of lawsuits. According to a various published reports in recent weeks, the total cost TJX has paid to address the breach is about $25 million so far.

Three New England banking associations and some individual banks are suing TJX to recoup the money spent replacing compromised cards and covering fraudulent charges traced back to the TJX incident. The Massachusetts Bankers Association, Connecticut Bankers Association, Maine Association of Community Banks and some individual banks argue that TJX failed to protect customer data with adequate security measures, and that the retail giant was less than honest about how it handled data.

TJX has acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate its network. The company gave a tally of the damage in a regulatory filing with the Securities and Exchange Commission (SEC) in March, and also acknowledged that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information.

Tags: Identity Theft and Data Security Breaches,  Database Security Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM External attacks start with unintentional mistakes, survey finds Database Security Management What is the best database patch management process? Unpatched vulnerability discovered in Microsoft SQL Server SQL injection continues to trouble firms, lead to breaches Oracle issues quarterly patches, fixes database flaws Database monitoring, encryption vital in tight economy, Forrester says Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Imperva assigns security risk levels to databases How to create configuration management plans to install DLP Information security book excerpts and reviews Database Security Management Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary