More information about the TJX data theft is coming out in court papers filed this week against the retail company. Earlier this week it was reported that the breach of customer credit and debit card info was much larger than previously thought, with about 96 million customers being affected by the breach, as opposed to the 46 million to which the company had previously admitted.
Now eWeek’s Evan Schuman reports, per new information in court documents, that thieves on TJX’s network had managed to install a sniffer in May 2006 that allowed them to capture card data as it traveled over the network in the clear. TJX failed to detect the sniffer for seven months and also failed to notice that the intruders siphoned 80 gigabytes of stored data from a TJX server and transferred it over TJX’s own high-speed connection to another location.
TJX Failed to Notice Thieves Moving 80-GBytes of Data on its Network on Threat Level
Guess they should have had Peakflow X! 😛