
Analysis: TJX Breach Doubles; What Difference Does It Make?

Some experts say the new estimate - 94 million compromised accounts - is purely a matter of legal jousting between banks and the retailer.

By Katherine Walsh


 

Regardless of the actual number of affected accounts, many security experts say that TJX may have knowingly left sensitive customer data vulnerable. TJX was not compliant with PCI standards, which could have prevented the breach from ever occurring, according to Bob Russo, general manager of the PCI Security Standards Council. Russo says that had TJX been compliant with the PCI Data Security Standard, none of these class action lawsuits would be taking place. The DSS includes requirements for policies, procedures, network architecture, software design and security management, and is intended to help organizations like TJX protect customer account data. “No company that has experienced a breach has been compliant with [the PCI standard],” says Russo. “Clearly this is something companies need to start paying attention to.” [See CSO’s previous look at the PCI standard.]

 

In the wake of the breach, TJX has offered credit monitoring and identity theft insurance to 455,000 customers, in addition to $30 gift certificates and a 15 percent purchase discount for customers who were affected.

 

Reach CSO Associate Staff Writer Katherine Walsh at kwalsh@cxo.com.

 

 
