Monday, April 5, 2010

Government Stops Shielding Corporate Breach ‘Victims’

For the past few months, national retailer J.C. Penney has been fighting an under-seal court battle to keep you from knowing that its payment card network was breached by U.S. and Eastern European hackers.

The intrusions, by TJX hacker Albert Gonzalez and his overseas accomplices, occurred beginning in October 2007. J.C. Penney admits it was “wholly unaware” of the breach until the Secret Service told the company about it in May 2008, but now says with certitude that no identity or bank-card data was stolen in the breach it failed to detect. That’s why the company didn’t want to be identified to the public, says spokeswoman Darcie Brossart.

“Because there was no reason to think that the hackers were successful, there was no need to alarm J.C. Penney customers,” says Brossart. “We believed we had a legitimate interest in not being linked to criminal activity that resulted in major thefts from other companies.”

So in court filings, J.C. Penney argued that it was entitled to anonymity under the 2004 Crime Victims’ Rights Act, a law intended to protect the “dignity and privacy” of victims. A federal judge on Friday ordered the company’s identity unsealed anyway, as well as that of a second breached company, clothing retailer Wet Seal.

It’s a familiar story. Companies have never been eager to have their security slip-ups revealed to consumers. What was different, and remarkable, this time around is that an assistant U.S. attorney argued that J.C. Penney and Wet Seal should be identified. The lead prosecutor in the largest identity-theft hacks in U.S. history argued for disclosure.

Read more: wired.com
