TJX's SEC Filing Raises New Questions
TJX's 10-K filing with the Securities and Exchange Commission was made public Wednesday and has prompted a whole new set of news stories, blog postings, and speculation.
The report seems to indicate that The TJX Companies, Inc. was employing encryption technology on its cardholder transactions and did delete confidential data on some sort of regular basis. That's the good news.
The bad news is that the intruders apparently were able to capture the card information of 46 million users by installing software on the systems at TJX's Framingham headquarters that copied the information before it was encrypted. TJX also admitted that it appears the intruders had a copy of its encryption key, apparently as a backup in case the software failed to work or the data was encrypted prior to the point where the software captured it.
Needless to say, the new questions will swirl around how rogue software was allowed to remain in their systems for so long without detection, as well as how the key was obtained.
The information in the 10-K reveals only TJX's perspective on what happened. It will be interesting to see what is revealed as the SEC begins to dig into this further.
Have these latest revelations changed your perspective on the TJX breach at all? I'd be curious to hear whether these new details are swaying opinions, one way or the other.
