|
|
|
TJX Waging Legal Battle To Keep Security Details Secret
By: Evan Schuman
2007-10-25
Article Rating: / 1
There are 0 user comments on this Enterprise Applications story.
Court filings have begun for what frightens TJX most: being ordered to reveal publicly how the data breaches occurred.The TJX data breach has been a veritable data dynamo of details that, if carefully pieced together, say virtually nothing.
But those details have typically hinted at a wide range of security problems, including weak firewall protection, encryption irregularities, wireless problems and a Trojan horse that may have been planted.
After months of motions and arguments, filings have begun for the argument that frightens TJX the most: Whether U.S. District Court Judge William Young will order that TJX reveal publicly exactly how it believes the breaches occurred and why they happened.
In hearings in a Boston court the week of Oct. 22, attorneys representing banks that are suing TJX specifically asked Young for permission to make public reports that TJX had prepared detailing the mishaps. TJX is aggressively fighting such efforts.
At issue are five reports, plus a few related pieces of testimony. The reports are: one prepared by ATW on May 1, called the "Card Compromise Forensic Investigation Report" (Exhibit 5); a June 11 report by General Dynamics called "Advanced Information Systems, Intrusion into the TJX Companies, Inc.s Computer System" (Exhibit 8); a Verisign CISP compliance report from Sept. 19, 2004 (Exhibit 9); and a Cybertrust CISP compliance report from Sept. 6, 2006 (Exhibits 8, 9, and 10, collectively, the reports on compliance).
Young will likely look at several factors, including relevance and significance. However, the pivotal question is likely to be whether the contents of those reports will additionally weaken TJXs security.
The Framingham, Mass., retailer focuses on very specific details, such as the current location of various servers, and argues that such information would put consumers at more risk.
"The ATW Report and GD Presentation both provide detailed, nonpublic information about how TJXs computer system was compromised in 2005 and 2006," said a TJX document filed Oct. 24. "If revealed publicly, [it] could serve as a road map for persons trying to attack TJXs computer system or other participants in the payment card system."
"These documents are a sideshow and plaintiffs seek to include them only as part of their wider strategy to seek to discredit TJX at every turn," the TJX attorneys wrote.
The plaintiffs have countered that the handful of current details could be removed, leaving intact information about the state of the systems early on, systems that have since been fixed and otherwise changed.
Retail Center Editor Evan Schuman can be reached at Evan.Schuman@ziffdavisenterprise.com.
 Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.
|
|
�������x}r6*(g=(RGJɖ<֎my-8U*$�%)Js}
_$3q�O-�@�n4�w�~ I��KǘYO�cSݣ&}$5]
4I=�
ˑ�ԫ
9S]M�HwW3fcө�P/����᳑(,�Q �� �jO�0-Ps< j9��9ԗqlˏ~e0��-ڶAQ6)�j
�9a�?[�$�)qD
]
�X(�>�߱L㘄-:
�;|w*UN�8Spycf_0Hj:M"h4"J<�>wn=w2`~�|!�|`Vp黖6?"CAU��VekVC���y!rs�#�gKͻ�Hݠ匝o8Gd`j�I�@�"84Ԙ���C2R!p�5�`r*�)ZH��GL: fK>�P:x =3~bA2xFIH��l6XB�x�'C�]�tQV�_5kYoAסߍ=gf�GdYo&A.�QM� �T'�>6O(L|@��ɠi!ZdQ=c9e��V42M�YU\>TkqZ��JϢC
L{hRyݙ|۷�~]�*�
u���u7�Z}��m9E�szu}qN�6n���t(ȯ;YJM~cDr�T*4D>�&-ĆY^:'5=)G~W-âZPb�٥v'Y̮g��f�V҈�g�E)�"t'lni_77^ۧ'7�7fٚY�J��d�T�Y�MUYsYڟ:�gg�:�R��l3Hk�Cp=�['{:$~~Zz>5t�0���V+�JJgd�Z6�E$Y-r"//�!}O}�fr*GrI/�o,oG`cQ
�-F`X@7�? iP2ML9�ذ@/Щ#QW�B9<<}&T3o`��2��4�6f}=w
�a6z�@L4��:h�)=?�.1g]i�b&DJH7�Q��mRU/��(AM/�-
�5f>�].���Q#�=^f
A.r)i �� 6=aLT(\�q�_5
.pW9Q]�K\M�ޢG
�<�7ǛvW.~lzmXxX18�*]ev␄`\Z�Զ7�j06�76)CR�
�J h��2e8l�2nБ6滏?ς�@utiSMc|>9ևm'!|Аd0�
mx�Z.s3I��Xn`Nt�&hQy4�ڭ�,%_� ><�)zN=��=H�7(Z�χ�`jcaȦM@B9��ǻ�ޚ�<�Qҡ4|a���y�jQ?]�*qh3��-�Df>��o ��ќ�5҆�&��QcSB�]j�J|dN˕����C #RR,H6'��hI#r�����
Bг l`@o!`9`P� a�+R
.:���B�I��(cvn�K){T�[h!+�K@fkfh(2{~u}fB�+ 'b�Xr`Y
�\h+|�i)lc
ը[6؛RXU�+5tLބhd&la戡��uy=A�-l��&)#
KX�V�Xs�p?7�߀s XzaEXiŪ9c߃ 5���i<#D�aNM�6�S
R
�W?fx,���qٛ8�
Vs]ˤF`)�lq;r�dž�fؓi]Ý =3q
�R\fҪ|r�Y2��X.CmUPS7�˕L4 +UPM
g2)*hslr�p
VO\XbʁZJ=""�ǰ@3�>`L)^HIRЙn!@�9z٧l�)>�3-$֒e]T];/ 7r@4�}��24�@0ٖk�,:�(+c:K�_i��hH*6�@\\1-#��%Σ�?0�Z�?Lp�w{8�{j`a�C�+EE.�wӟ�x
#��ZY-x�K�;�� �xBS�Iݐ`�@GvLl;K[׳�l֩w@��=".I�N--|R9��3?�]dp܉DhQ+ma�@ͤP8L>Q@/��ű`�a�{�7w�9pJ��k>uM^�/vư+]59�e&@n�"}�QN4S�
ȴ`oZuik#2R��kH
+BQQbϓ�cw@M$ �g�24s`O[`T9#DzlʠlM9 Q^-L.M{��
�\�mpf�Z�FR�.�~~i~R`d�;(^p��1l4�ra-�?@��R�5v2Sgh�u魧{�[T+j[pfNP$!�7 ��dj>Ǿdo':�#H�}�~H�Lb����46�\,0�|*W*U�`n*Vѹ(�٩% 7C`@�.��tl?`�"'>Ѕڣ��s�sa*/73g Z�O�ZV,֪19P+R�jk�6�|�}3??Ce��t4R��8�p
�'3ǍR�2�ϡn׃�[Z`�zž+a֬Ӫ`f/EBc$�D!�
�2�:�е�%\%���~tZ{XD&l�͐*8e$βLb����R-�-e+
"IYY'>nz2M�>Zȓ3Եpe%s�@B>RZC5�H�yV_-Lzen2��#B�h_�t�U-'P}0�hRYpg=HY9^:9ez6eV�A~\ev�Q: LУ'x{�+~1Ad�r6#�>L=��;L4G�;��.E;["qD�d��k�Ŏr�P=(RP�c�0:]�bW`�;D`�wϨ��x3v�.b��CYVU,nAEj
`�3o?f�/$NM�.j:~��*` ~d�Y�vH5I-֊R{��
��2fc��$¾�-̷OS+f+
Cut�︈`O{_7Ќ�0�F_IΝ
JIUKU�jZ�'0�
4
�p}
�( JQ)��ݣ,�$�d�0JP-�V~8N3A��z'�
2�B�k:c#�S
�h*6%O�XO�2,��`މjbU\<1�м}�Z+=NL_BQ`�о(&w,O�ٛ�E �SbvL2�{?RXn;�){ΚG��ml?|m;ݫ#;,yޏ^�DkeqKKV�0_U�)��ؼ|xxՒ:mz^8�!�:(U>�
�`i8Fnx{L(c׆}�{%s%�u\nx�m}���-o�d~�D4lr�e}J|I{ѽo�U[J:^;Oj��K͋#烬�F�!yN/͛%ͦ5�Bk;d4)@�3p\#�K#�/�!PR2.ݛV3��/�s>V\zXkɱ,�7AϐaZ4G�vfފ#s�~mm�`!���ސdLZc� �
��@�RPOh�[#ZEsVrZgp6"�
B��X1
1uJ1 _RJ�MQ�=#�_ijV{LA/PINQ�):�}Qr:h/ER�}CCTդ�
WΫ\XP?o�!\8�_4��aj#rW��z[aUbݩm�3�Ky=r7?K�8�N*tb�l_@۞neiܱ?�nw`�操�~{O9ЛASmNi^7y�ja}%X@R�{#|&~>x�F]>xuS棏g��ڽ9�k3reۨ��G25[t�ܗGvO�r<�C9ngfR%٘NB�EW�5vho(r�YpJUO.�S~`V`�M�3}Ӿ��Jf�:7k�^xΠt4uv遧w{�{!.u06/�ycO4�2]awB%B6{ZgeQJW=�(qM@kjyAJ\"~^]V�䑽���XHڃ}
Fu�U��}q5O�xc�Z�yi�襶^;w79��Ff#I�VާA3��'�p6=xf�=�g
gL(��Lt
8*�dZfIa??"=|۵?q<;
~cc��xհ.*y }=ic�vpQ"RNM�vy�eM�+/BM)��hI(?|�YhE1="g,*3a0R7^�נȩ6uf#K�BE-4�{KRp'�a~
��sDZ� rƚ-ss|�GYE;@xiH^B_T' ML k�(}6 { g�R�-1Hq]�XI <�"P,NP� [Y<$�r��a�8()�@8
Lb
�kg)�U?��:K%2l2�,�/Y]�̮�T��v gt6ik�JS
Ld؉#L�C(b*aYfh1/ҏzV�DŽE�Ce����C)^.m��Bw·K'٧E�
&�,Y2�E
˕AB���!!�@^:%iKT�ݑe@騥mYR,ӎ�v%�UJW8c`vSS[LGBQꌘLLCjCO߸Y4$HBG���H�$�ϯ^N�=,'7ݕ3R-gV4g2jtB�%C
`�b%? �i1YڠXfm"E/Ǫ_C]R
װ� |IԤKӲ�ߺ%^:uM
L�}T�,"` E�֫W\�&vCc&\MRX2�JyHwxwT��Fi9J9J9J9JV;Jc}u���Զ�Zf�w&ja.��Sڳ�C#�C8D�I��D �"?E;R�ckȕԓ)xF-y|,
0&Sw`VTM$^�cU`/f�ϳ9+jO4�ў_��=��ܲ�֍n / ͥ,Dhf zp0^Z z#5
]qx����x$'(�x�W)O!�<*'7ݒJ_i]@�D\����
|7)��DˬU�H,nlWoK6(_] ݼwL{�=UΞt֎X]rz{�\�f7�*[i�2�2$5�_�٥��;-?�;MX3��3��X{i�֞��~2�Rŭpnl]uK.~%��_S^{*i1�Z9:B>l|L^2�$�Nj�lni2�sIcIƋYa.b||||>�Tn�cd:2D�۞e��SWu-&١E��e{=nյ�ƺ혋B32l��ztw]��6hu-�F~ZyU�'�>A̩(X.�2�3�^l!^L��]阶S�Q+P#K Z��} h�
>]q�j��f���Dz�#̷Deůnje.SDz4
1ن�6�ZO$e"i�Wn� { �Qx9.:/S^yIڤ<�;Тc[fZ�ޱh&l<0L� uC%inv�]#ۑ�aE7o9a:~~3!�llx-l|WN@�{^0sM#r�qG���kDWQ�O9�ɔ��-4#�]3nF|ٓ��1܀V#|K,L�ӜRs�8\co+ھЖ?|h,ow(�ΠZ~TxcHܳ`W~\%K_
(eܾ4uu\Ͳ;^��Hj��*e��r<�즎.D�L�6wA(yCm`�d;6LHJ�~Pm�c/@m:��U=0�V-EQz\�&UQV[#fyN{mV)fjNLneh>[pWp�#W/�%4�Sؘ
bM>$4878�WS&e< ,~h#R��؋�"��-'j� z�`��{�Ӎ�4��O�_j]R_d\V,szlqh0o|W�+iY@{4�I3mqS'�)Z�v8S[�xv1�C13��/O5�*<2��{*똆f�C�G?ÃZ;(�X6��W+hV9T�F��� ZihF!i3O<��I}l|�=XD6z/x�T�&e1eab,h6R`iVO3ط�/0Xn
]wL�G�3Q�E7�̩xf�w¢�t�Olω "�"�t�<��7�ʅ�]&�+x���ķ�?ē�~�ͮ�~OSJA�k('>?�E�oU7U6ZG��nbb+.�]��*6M �BaD0쎑�q�a ��BX���E���m�8JDr`�vRrBYm�2}@bb�PH�B!h�]F!,q\(Es��A3G?�Ñ2.īV��AXj�h"V+��Y�"�'"��H��]^|�E�8�.
dP]͏�m���/-Iy�oYK�>�qNfAfQȢiWE\f9�^ܩV�jqzz_�ZbiiE�.c
2�u5WHk̘xEm�vlMz� yԥ�BMDEW=TCR��fx�'#��ꊙ��;b�xc?Xy�c�a�jS?Xinyb+n'-浻3x"(ͪNDR`hi*�z
>ᩆ��n�r'�rs⒠��@N�da-��~eX�[|ri?�.RUzB��9�I�fېZZcX(+J
P�cʣ�.oؑZ�fG@.(@[ӆ]Oz/v�LnTr/�,�,TOಈVuvü�cno\VKZ%y[9 ��R`))���Z:<}Q-Dr1&�'R�OeB~\����S_+@jL�B(eYiv'�o.'�졢�qU�o/?QH
o�GȺmxxJ�" r[(N
c
r//6\Ix##�Vk3`qv(4+ h�a <$�EuE)�dש�-� zqۥO�чU?gC7L��-l
� \,�r9G}8wz}W8,ԝ��8�`8�.gj9T%.&���P5
d�U
{?_oz=&n%[ր�aN���J���xf�:LjX i1x
֭�[��Ӧ�?: k&(?,p�E�
�gGLƙ;fQWsվ@uT�H"08�
Cp*�@�[�`g*o���
c�n
Q&@Ē��7U�I,D/x
`�3��e5�A:"�\2},�GAa2?u:�R����g=Kqf�ldaQZ(�G~61<�` ?v�c.qts�x\jJ�_(J$Ѕ:�y,@#!��9ω��k3�$cuþޝ/#}|Aa�P8�Z
��+z�jJP�&uO�"_3ʰ�LXQʉ�_{coS�w0+ʟ9X+��F+i+*����9I͑�{GC�4i`�50 }a7bqO4n0<�{C&'ӛuӽ"'-̄}�[8Zzv?u7~qfb�v>Ju%Vv�ideAήmf(NT{;I6�W#\]dqx�ixɁ(ah,.v�5{$;
�U�j�Uo��,l�?fzz
MS�r
:�j|qw:,51uԢz h7Q`1D�*'M&�EJ8���SD^}'ݫv�ԼUۼ�v(��2_3of}i�8QޅnF9rz}y�hjgB3Y�}gG(kw֗wZFQ�d�3r�'c�zƇ^Fg(�_dծq1?e��2�>2@�\��_�^f%e�^e ?eCyF?��P~Q�{1W ?W�s�w1]�7c]?��/��q
3�dO�e�{���Y_�c�}OY�0�)~P~U�{mF�\$)c�f5q~%sQ^5N2\�}վ
U�[C(g�g���~6:Εb�+@^W~ kJ+ťw�
7Y[xUy-k{Z1v�dsחG{1h� �+GJyD����^]}MJ�4tk 7b[y�DYp��&}:#WVv+Jy._[nNJ>hs\ȜHdc3,F�D5b�9�|.y��|e8�Ntw<�'H_k�xĻO�e�ݞ<�辊r cn$� U`
֫K<}BE��}h#5]Y��j8���m!ϋ9y}we'A�u>T+����uLQ7[� ÈC?�k
H7�zig�FY~8=M��^�LUbp|f�ٴ^d,m��q4
9u� u8�y$�߽�RK,^ ,>�O1�
�Lx+Dt5^iB6�Ǝ3�O3�ebHPTTR{0mzp@DP�t�5JA.$`r�XR8,��PP�फ़���{q�Rj��oh�o�!�3p<@>&J�#Dk(��x��x=mEb{��c�A֚w�/E5/*��{_۱�B�c
�"R��?�^*q0 z6d%Q({ә�g_mot1.�m� k`-YkMD�҃Yhk䣿�t8�h;Ì,�i܃z3yFm�=ƾw<8~7mJN)z
�Ts�z\jn2%23�]{:�\xT "e�%hM-L��X]�L�&l�ybo*b�b�rс69�߇\$ǖ�]`>/�rz{Ī��SED�}GQ!rE>Yhxwxa)��GiU1_�����ӗ:�if:��`wƝ.ë~2ק ��U?N�V��Z��.
%CbF8]x�
MA�C~!O'
ϻI�kQ�6�N�>�LSc�? `�nwf��ɿ8KӘ2J1А8v2COA#t
7-[$@��O"O�C34�^
�w^;�q^'�d�d��9e7Cxěc�*۳�~"3v[��v/-�dzl�c�π!XwCQ�%ɷ`
�=͛�H�ˍt�/�A�sl2q?^[� !��ۂˌK-Ӵ>u¥":UX�HM���X,8/� km9Qh~��r"#�<[_ڵlAt
[=] D
�h�ey�" 7]!Kb� Cc]R>ŔK��]'[93�й?-{��/���e;�S_�X��(
LwMΠps::hՁG���X�xЬ;[)�qy6`;Щ0DM.vj]'nJQi#®54-���v�щ�&�:މ�o^;sQaWOԺ{0�* 0#Ersbcw�.^s �{ef�x�ٞջHQ#z.fY|Ђ!g�]1fZBThy6�#x�L�
M4ZQw�NV�Ƣ�I:6pFrX(Պ[gv[W셫Qbm٧d��i2�9J{) q-˕46�ean%nǝ�l| n%56G\�[�
��DՖ�(��
|
Enterprise Applications 
