
Hacks, Phreaks, Worms, Tigers and Bears--Oh My

The top eight events that changed the history of internet security (and two that didn’t)

By Dave Gradijan

Page 5

etween hand-held price-checking devices, the store’s computers and cash registers. (We’ve dated this hack by the disclosure, but the initial hack may have taken place as early as 2005, and on subsequent dates ranging from May 2006 to January 2007.) In the months following the initial disclosure, new developments have consistently come to light. In October of 2007, the number of compromised accounts more than doubled to 94 million. TJX has been criticized for collecting too much information, holding it for too long, and failing to upgrade its wireless security from a WEP encryption protocol (an old standard) to WPA (which is much stronger). TJX also came under fire for taking a long time to notify customers of the breach and for being non-compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Why not-so-significant: Again, this was then the largest data breach in history, and one that could have prompted major change and made companies take PCI DSS and other security standards more seriously. However, more than a year after the TJX breach first came to light, only 30 percent of retailers are PCI compliant, according to Sophos’ 2008 Internet Security Report. So much for cosmic change.

What did we miss? E-mail Staff Writer Katherine Walsh at kwalsh@cxo.com.

Related Coverage:

“Privacy: The Worst Quotes of the 2007”

“The Top 10 Data Breaches of 2007”

