TJX Breach Shows that Encryption Can be Foiled

By Ross Kerber, Globe Staff | March 31, 2007 The Boston Globe

Encryption alone is no panacea for threats to consumer data, according to specialists who say the technology's limit can be seen in the problems reported by TJX Cos. of Framingham.

The notion of using complex math formulas to scramble electronic information is gaining steam as a way to protect individuals' privacy, an area of growing concern for retailers and banks as data thefts become more brazen.

But recent details to emerge on how hackers accessed the parent of stores including T.J. Maxx and Marshalls show how encryption can be defeated by clever thieves -- and suggest the breach may have been an inside job.

A securities filing by TJX on Wednesday disclosed that the incident may have compromised more than 45 million credit and debit card numbers, the most in any single incident. In the filing, TJX also stated that "we believe that the intruder had access to the decryption tool for the encryption software utilized by TJX."

TJX spokeswoman Sherry Lang declined to elaborate on the document, but outside security consultants say the language hints that a company employee or contractor, or someone known by an employee or contractor, was able to gain access to TJX's computers and obtain the formula needed to unscramble data.

Monty Solomon