Sunday, October 07, 2007

Retailer Security: PCI, Gap and TJX Revisited

The big new breach of the week, as if a week passes now without one, was the Gap. Personal data on 800,000 job applicants, well secured, I'm sure, on a contractor's laptop, went missing. This was reported in Computerworld, SearchSecurity and SC Magazine.

In more retail breach news, TJX offered a settlement to those who had to replace their driver's licenses because of the TJX breach discovered earlier this year. The announcement came shortly before a Canadian government report explained how the intrusion took place.

And then, as if retailers didn't have enough headaches, the deadline for compliance with the Payment Card Industry (PCI) standard passed October 1 with many retailers still not compliant.

Four reasons were cited for non-compliance: the cost and energy required to put controls on legacy systems; differing opinions from auditors on what constitutes compliance; the difficulty of staying compliant, particularly as the threat environment changes; and a lack of enforcement.

