Why the TJX Security Breach Is Different

By Debra Donston  |  Posted 2007-01-18

The old(er) I get, the more I think my parents were right about most of the things they did. And, with the recent announcement that TJX computer systems had been robbed of untold amounts of private customer information, I know they were right about dealing with cash.

TJX, which operates the T.J. Maxx and Marshalls chains, among other stores, revealed that the computer systems that process credit, debit and return transactions had been breached and customer data stolen.

We're hearing about it now, but the actual hack occurred in December. As I understand it, anyone who has shopped at any of TJX's stores in the last four years is at risk (a number of people that TJX officials have been quoted as saying is "substantially less than millions"—how comforting).

The TJX incident is different from many others we've heard about in the last couple years in that data was maliciously and pointedly stolen, rather than inadvertently lost or happened upon.

In the case of the Veterans Administration, for example, a VA employee's laptop was stolen. The private information of millions of U.S. veterans was stored on the laptop, but the thief apparently didn't know that and wasn't after the info in the first place. (And, he or she probably couldn't believe that someone would be so stupid as to store that kind and amount of data on a device that could walk off the VA premises.)

But the TJX incident is just like all the others in that the victims of the crime—potentially you, me and anyone who has shopped at T.J. Maxx or Chez Marshalls, as we call it in these parts—have to clean up any mess that results because of it.

Oh, there are plenty of how-tos and best practices out there that will tell you how to protect yourself from a data theft and/or how to fix things after such a theft occurs. But the onus is always on the victim. YOU need to check your credit report for any untoward activity; YOU need to check your bank accounts to make sure it was really you who debited that $2 for a Dunkin' Donuts coffee; YOU need to be on guard for any institution asking for more personal data than is absolutely necessary for the transaction at hand; and so on and so on.

All of this takes time and know-how. And it's getting really frustrating to have to run through this process every time a new breach is reported.

How about if the institutions that are more than happy to take our money also take care—real care—of our personal data? How about banks and credit card companies keeping watch so that their customers don't have to (or don't have to so closely)? How about the legal system giving victims of identity theft ongoing support as they work to clean up their good names?

How about the government passing effective legislation that will hold institutions criminally liable for not protecting the personally identifying information in their care?

For now, it seems that the only way to really protect yourself is to adopt a cash-only mentality. Kids, meet the twenty-dollar bill.

Deb Donston can be reached at debra_donston@ziffdavis.com.

