Scope of TJX data breach doubles: 94M cards now said to be affected

The company at first said 45.6M accounts had been breached

Jaikumar Vijayan

October 24, 2007 (Computerworld) -- For anyone who thought that 45 million was an absurdly high number of payment cards to be compromised in a data breach, try 94 million. That's the total number of cards actually exposed in the breach disclosed by TJX Companies Inc. earlier this year, according to court documents filed yesterday by a group of banks suing the Framingham, Mass.-based retailer over the incident.

The filings, made in federal court in Boston, relate to a dispute over whether the multiple financial institutions who are plaintiffs in the case should be treated as a class or whether each bank would be required to pursue individual cases against TJX. The plaintiffs in the case include the Massachusetts Bankers Association, the Connecticut Bankers Association, the Maine Association of Community Banks and AmeriFirst Bank Inc.

In documents arguing for class action status, the banks claim that the TJX breach affected 94 million separate card holder accounts over a 17-month period -- not 45.6 million accounts, as TJX had disclosed. Quoting figures supplied by the card companies themselves, the bankers said that the breach affected approximately 65 million Visa account numbers and an additional 29 million MasterCard accounts. To date, the losses by card-issuing companies on Visa accounts alone total between $68 million and $83 million, the banks said, citing the Visa information.

"Unlike other limited data breaches where 'pastime hackers' may have accessed data with no intention to commit fraud, in this case it is beyond doubt that there is an extremely high risk that the compromised data will be used for illegal purposes," the bankers said in an affidavit. "Faced with overwhelming exposure to losses it created, TJX continues to downplay the seriousness of the situation."

TJX officials did not immediately respond to a request for comment.

The figures included in the court documents, if accurate, more than double the size of the TJX breach, which had originally been pegged at 45.6 million cards based on estimates from the retailer itself. Even that number represented the biggest-ever compromise of payment card data. The next-closest data compromise is the mid-2005 breach at CardSystems Solutions Inc., which involved about 40 million cards.

The large discrepancy between the numbers supplied by TJX and those from the banks suggests that TJX did not have the log data needed to do a proper forensic analysis of the incident, said Michael Maloof, chief technology officer at Trigeo Network Security Inc., a vendor of security event management tools in Post Falls, Idaho. All too often, he said, companies that don't have processes in place for collecting and storing log data wind up losing the telltale tracks left behind by computer intrusions.

Even with that log data, it is often difficult to figure out exactly what might have happened in a breach such as the one at TJX, said Deepak Taneja, CEO of Aveksa, a Waltham, Mass.-based provider of access control technologies. "It's not an exact science. You use the evidence that is available and try to figure out the extent of the breach and which files [intruders] had access to and how much of the data did they get to."