BreachExchange mailing list archives

Re: TJX breach shows that encryption can be foiled

From: "James Ritchie, CISA, QSA" <james_ritchie () sbcglobal net>
Date: Tue, 03 Apr 2007 15:54:03 -0400

FTC settlements

http://www.ftc.gov/opa/2006/02/cardsystems_r.htm

http://www.ftc.gov/opa/2006/01/choicepoint.htm

Donald Aplin wrote:

Section 5 of the FTC Act does NOT provide for any fines against
companies for data security breaches.  CardSystems was not fined a
penny in the settlement with FTC, nor was DSW in its settlement,
nor BJ's before that.The presence of an independent  Fair Credit
Reporting Act claim in the ChoicePoint action allowed for the
imposition of a $10 million fine.


Donald G. Aplin Legal Editor BNA's Privacy & Security Law Report
(202) 452-4688

_______________________________________________ Dataloss Mailing
List (dataloss () attrition org) http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents
over 7 years.


-- 
James Ritchie
MCSE, MCP+I, M-CIW-D, CIW-CI, Inet+, Network+, A+

Attachments with this email, not explicitly referenced, should not be
opened. Always scan your email and their associated attachments for
viruses prior to opening.

This message and any accompanying documents are confidential and may
contain information covered under the Privacy Act, 5 USC 552(a), the
Health Insurance Portability and Accountability Act (PL 104-191), or
the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and its
various implementing regulations and must be protected in accordance
with those provisions. Unauthorized disclosure or failure to maintain
the confidentiality of the information may result in civil or criminal
sanctions.

This e-mail is strictly confidential and intended solely for the
addressee. Should you not be the intended addressee you have no right
to any information contained in this e-mail. If you received this
message by mistake you are kindly requested to inform us of this and
to destroy the message.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents over 7 years.

Current thread:

Re: TJX breach shows that encryption can be foiled, (continued)
- - - Re: TJX breach shows that encryption can be foiled Avery Sawaba (Apr 03)
    - Re: TJX breach shows that encryption can be foiled DAIL, ANDY (Apr 03)
    - Re: TJX breach shows that encryption can be foiled Sean Steele (Apr 03)
    - Re: TJX breach shows that encryption can be foiled DAIL, ANDY (Apr 03)
    - Re: TJX breach shows that encryption can be foiled B.K. DeLong (Apr 03)
    - Re: TJX breach shows that encryption can be foiled James Childers (Apr 03)
    - Re: TJX breach shows that encryption can be foiled Sean Steele (Apr 03)
- Re: TJX breach shows that encryption can be foiled Dissent (Apr 03)
  - Re: TJX breach shows that encryption can be foiled Chris Walsh (Apr 03)
  - Re: TJX breach shows that encryption can be foiled Donald Aplin (Apr 03)
    - Re: TJX breach shows that encryption can be foiled James Ritchie, CISA, QSA (Apr 03)
    - Re: TJX breach shows that encryption can be foiled Katie Felten (Apr 03)
  - Re: TJX breach shows that encryption can be foiled Dan Good (Apr 03)
    - Re: TJX breach shows that encryption can be foiled B.K. DeLong (Apr 03)