? TJX theft tops 45.6 million card numbers TJX公司被盜取45600000卡號(hào) Robert Lemos, SecurityFocus 2007-03-30 ? More than three months after detecting a breach of its systems, retail giant TJX Companies released this week its best guess at the number of customers whose credit-card information and other data were stolen by online thieves. TJX公司經(jīng)過(guò)3個(gè)月的系統(tǒng)漏洞探測(cè)分析，發(fā)現(xiàn)許多的客戶信用卡和用戶信息在互聯(lián)網(wǎng)被盜。 Information from at least 45.6 million credit cards had been stolen by unknown attackers who had breached the company's computer transaction processing systems between July 2005 and mid-January 2007, TJX stated in its annual report filed with the U.S. Securities and Exchange Commission (SEC) on Wednesday. It's a number that will only likely grow larger: The tally of 45.6 million credit-card accounts was calculated from data records for transactions processed between December 31, 2002 and November 23, 2003. Data files after November 2003 were deleted in the "ordinary course of business" but not before the records were likely stolen, TJX stated in its annual report. TJX在星期三的年度報(bào)告上用了大段篇幅談到業(yè)務(wù)安全問(wèn)題（安全業(yè)務(wù)代理），目前還不知道是誰(shuí)所為，從2005年7月到2007年1月中旬這個(gè)入侵者通過(guò)系統(tǒng)漏洞盜取了至少45600000個(gè)信用卡號(hào)。被盜取的信用卡號(hào)也許比公布的數(shù)字還要高。45600000這個(gè)數(shù)字是通過(guò)2002年12月31日到2003年11月23日的交易數(shù)字分析得出來(lái)的。 "To date, we have been able to identify only some of the information that we believe was stolen," the company stated in the report. "Deletions in the ordinary course of business prior to discovery of the Computer Intrusion and the technology used by the Intruder have, to date, made it impossible for us to determine much of the information we believe was stolen, and we believe that we may never be able to identify much of that information." 公司在報(bào)告中還說(shuō)到：“到目前為止，我們僅僅能確認(rèn)一部分的卡號(hào)已經(jīng)被盜，公司幸好提前發(fā)現(xiàn)入侵，并發(fā)現(xiàn)了入侵者的入侵手段。到目前為止，我們不能確定具體盜取了多少信息。” The breach is the largest known data theft to date, topping the 40 million credit-card numbers put at risk by a breach of CardSystems Solutions' processing systems in 2005 and leaving in the dust the 26.5 million personnel files stored on a laptop and external hard drive which were stolen from the home of an employee of the U.S. Department of Veterans Affairs. The laptop was later recovered. 這是目前由于系統(tǒng)漏洞的原因?qū)е聰?shù)據(jù)被盜的最大額度，多達(dá)40000000個(gè)信用卡由于信用卡系統(tǒng)的原因裸露在危險(xiǎn)的地方。在2005年，存儲(chǔ)有26500000個(gè)個(gè)人信息的硬盤被盜，原因是這個(gè)存儲(chǔ)數(shù)據(jù)的硬盤被發(fā)現(xiàn)在一個(gè)職員的家里，之后這臺(tái)筆記本的數(shù)據(jù)被刪除。 The TJX breach became public in January when the company announced it had discovered that online attackers had compromised its network. Originally the company thought the first attack had occurred no earlier than May 2006, but in late February, announced that evidence pointed to intrusions as far back as July 2005. Banks have reissued a large number of credit-card accounts put at risk by the breach, and Florida law enforcement has stated that a ring of gift-card fraudsters had used the stolen numbers to buy more than $8 million in merchandise. 當(dāng)公司在1月份公布發(fā)現(xiàn)入侵者入侵系統(tǒng)的時(shí)候，他們認(rèn)為黑客可能是在2006年5月份入侵系統(tǒng)的，沒有想到黑客早在2005年7月就入侵了系統(tǒng)。銀行重新發(fā)布了大量的信用卡帳號(hào)，Florida（美國(guó)州名）州法律剛剛公布了一個(gè)法律關(guān)于用戶卡被盜的法律。這個(gè)法律用于當(dāng)卡被盜的時(shí)候，將承受高達(dá)8000000美元的罰款。 ? The company minimized such reports in its financial statement. 公司在這份報(bào)告中還涉及到減少財(cái)政狀況。 "While we have been advised by law enforcement authorities that they are investigating fraudulent use of payment card information believed stolen from TJX, we do not know the extent of any fraudulent use of such information," the company said in its annual report. "Some banks and payment card companies have advised us that they have found what they consider to be preliminary evidence of possible fraudulent use of credit payment card information that may have been stolen from us, but they have not shared with us the details of their preliminary findings." “當(dāng)我們咨詢相關(guān)法律專家后發(fā)現(xiàn)：是入侵者從TJX公司盜取用戶卡信息的，我們不知道任何有關(guān)盜竊的過(guò)程和這些信息被盜取后的用途。“一些銀行和信用卡公司建議我們給他們提供相關(guān)被盜信用卡信息以防止這些卡的信息被泄漏，但是他們沒有反饋他們發(fā)現(xiàn)的問(wèn)題。 company found that two of its computer networks had been breached. The online attackers compromised the company's systems in Framingham that process and archive transactions and returns from its stores in the U.S. and Puerto Rico as well as its Winners and HomeSense stores in Canda, the firm stated in its annual report. Attackers also breached "a portion of our computer systems" in Watford, U.K., that process and archive transactions from the company's T.K. Maxx stores in the United Kingdom and Ireland, TJX stated. 公司發(fā)現(xiàn)公司內(nèi)部網(wǎng)絡(luò)已經(jīng)被入侵，入侵者從Framingham入侵系統(tǒng)，并且把一些文件傳送到他們的機(jī)器中。黑客們也入侵了在U.K.“的部分系統(tǒng)”。他們從存儲(chǔ)其中獲取了一部分?jǐn)?shù)據(jù)。 Only about a third of the credit-card accounts, about 15 million, are likely at risk because of the attacks, because the other two thirds of the credit-card numbers had expiration dates that had passed at the time the accounts were stolen, according to TJX's report. However, the company did not have information on the number of credit-card issuers that used the same numbers when extending the expiration date. 報(bào)告中還指出：大約有三分之一的信用卡，大約15000000個(gè)信用卡號(hào)由于入侵者的原因，他們正處于危險(xiǎn)之中。另外的三分之二個(gè)卡號(hào)由于已經(jīng)過(guò)期。然而，公司由于沒有信用卡發(fā)行者的相關(guān)信息，導(dǎo)致當(dāng)卡過(guò)期的時(shí)候，公司不能確定卡的有效期時(shí)間。 In addition, more than 450,000 names, addresses and personal ID numbers (in most cases, the person's Social Security number) were also taken from the servers, the company stated. 另外，多達(dá)450,000個(gè)名字，地址和個(gè)人ID號(hào)（個(gè)人社保卡卡號(hào)）將被泄漏，我們也把這些信息放在服務(wù)器上。 The latest details revealed by TJX's annual report could further worsen the company's financial situation, said Bruce Cundiff, senior analyst for Javelin Strategy and Research. The company has already recorded a pre-tax charge of $5 million to pay for expenses caused by the breach. 高級(jí)分析師Bruce Cundiff說(shuō)道：在最近的TJX的年度報(bào)告中顯示公司的財(cái)政狀況，公司已經(jīng)拿出5000000美元的投入專門用來(lái)解決系統(tǒng)漏洞的問(wèn)題。 "The more news that comes out, the worse it seems for TJX," Cundiff said. "I don't think we have seen the punishment yet that the market is going to bring to bear due to customer dissatisfaction." Cundiff說(shuō)：“更多的信息顯示，TJX的情況將會(huì)更糟，我們當(dāng)然不想看到TJX公司變得更糟，但是由于客戶的不滿情緒，市場(chǎng)上已經(jīng)對(duì)TJX的公司的信任度有所轉(zhuǎn)移。“ In a survey that the analyst firm will release next week, Javelin found strong evidence that consumers are likely to vote with their feet. "They are really giving a strong indication that, if they know about a data breach--and TJX is really the most publicized to date--there is a strong chance they will never shop at that store again," Cundiff said. 下周將得出更詳細(xì)的調(diào)查結(jié)果，Javelin發(fā)現(xiàn)TJX客戶的一些情況：“他們的想法很明顯：如果他們知道TJX的用戶信息被盜——如果TJX宣布了這個(gè)消息——那么他們將不再去TJX的商店買東西了。” ? The retail giant is besieged with consumer legal actions as well. According to the annual report, consumers have filed 12 lawsuits against the company in the U.S. and another six in Canada. A group of Massachusetts banks have filed a lawsuit for the cost of replacing consumers' credit cards and other damages, and the Arkansas Carpenters Pension Fund, which reportedly owns 4,500 shares of the company, has commenced proceedings to open up the company's books. 公司也承受著被消費(fèi)者起訴的困擾。在年度報(bào)告中分析：在美國(guó)法律中，消費(fèi)者可以通過(guò)12個(gè)法律條款來(lái)起訴他們，而在加拿大則有6項(xiàng)條款。在Massachusetts（美國(guó)州名）州的一些銀行已經(jīng)開始整理相關(guān)的法律文件來(lái)應(yīng)對(duì)突發(fā)事件。據(jù)說(shuō)，Arkansas Carpenters Pension基金公司則已經(jīng)開始整理所屬4500個(gè)用戶的相關(guān)信息。 The U.S. Federal Trade Commission and a group of 30 states' Attorneys General have started separate investigations. The Office of the Privacy Commissioner of Canada has also initiated a formal investigation, TJX stated in its report. 在TJX的報(bào)告中指出：美國(guó)聯(lián)邦商業(yè)委員會(huì)的30個(gè)國(guó)家的首席部長(zhǎng)已經(jīng)開始逐個(gè)調(diào)查他們所屬系統(tǒng)情況。在加拿大的調(diào)查委員也已經(jīng)展開了秘密調(diào)查。 The company has hired IBM and General Dynamics to help investigate and improve its security. In addition, the U.S. Secret Service is investigating the intrusions. 公司已經(jīng)雇傭IBM和General Dynamics（國(guó)防承包商）公司來(lái)幫助他們完善和增強(qiáng)他們系統(tǒng)的安全性，最后由美國(guó)安全服務(wù)商來(lái)調(diào)查入侵者情況。 ?

總結(jié)

以上是生活随笔為你收集整理的TJX theft tops 45.6 million card numbers——TJX公司被盗取45600000卡号的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。