The company was compromised for nine months, but now the scope could reach almost a year prior. The question is whether this is evidence of compromise by another group or the same group. Most if not all of the preventative systems TJX might have applied are worthless for response and forensics. I’m guessing TJX is relying on host-centric forensics like analysis of MAC times of files on artifacts on victim servers to scope the incident. This is the sort of incident that my future National Digital Security Board would do well to investigate and report.”]
Source: https://taosecurity.blogspot.com/2007/03/when-lawsuits-attack.html