by Mike Masnick
Mon, Sep 10th 2007 2:39pm
We've already seen that, as with just about every other data leak, the massive data leak from clothing retailer TJX was a lot worse than originally reported. However, some are now asking whether the company also hasn't come entirely clean about when the breach occurred and when the company knew about it. The official statements from TJX suggest that the company became aware that its own horrible security was breached on December 18th, 2006, and informed the FBI by December 22nd. However, as the article above notes, there's evidence suggesting that TJX was familiar with the breach well before that. Remember that a bunch of folks had been arrested in Florida for using the TJX data in scams. The police in that case have filed some reports, noting that TJX had alerted them to a breach back in March of 2006 -- and, in fact, the Florida investigators filed reports on their investigation in November 2006... well before TJX even claims that it knew of the breach. It certainly raises some questions about when TJX really became aware of the breach, and when the company finally alerted people that their data may have been compromised.
If you liked this post, you may also be interested in...
- NSA Director: If I Say 'Legal Framework' Enough, Will It Convince You Security People To Shut Up About Our Plan To Backdoor Encryption?
- Lenovo CTO Claims Concerns Over Superfish Are Simply 'Theoretical'
- Lenovo Quietly Deletes That Bit About 'No Security Concerns' To Superfish... While Superfish Says 'No Consumers Vulnerable'
- The Story Behind The Hackers Behind The Largest Credit Card Number Heist
- Looks Like The Guy Who Set The Record For Largest Credit Card Breach Was Breaking His Own Record