T.J. Maxx — More Proof that Security is an Afterthought

With the recent news that T.J. Maxx had a worse security breach than originally reported, maybe it's time for the retail industry to re-prioritize their IT dollars.

An ongoing investigation into the security breach has revealed that, while the company previously believed that the intrusion took place from May 2006 to January 2007, TJX now believes its computer system was maliciously hacked in July 2005 and on various subsequent dates in 2005.

Even worse, the company now believes portions of the credit and debit card transactions at its U.S., Puerto Rican, and Canadian stores — excluding debit card transactions with cards issued by Canadian banks — from January 2003 through June 2004 were compromised. TJX, whose assets include 826 T.J. Maxx, 751 Marshalls, and 271 HomeGoods locations, had previously reported that the 2003 transaction data had potentially been accessed.

Do you know why Y2K never happened? Well, besides the fact that Y2K fear-mongers assumed that if our computer systems failed, people would just give up and walk off the job, it was because companies took a potential security threat seriously and spent money to have it fixed. Here we have an example of a retail chain with insecure systems that were exploited. While the perpetrators should be in prison, the company should know better than to store data in plain text in the database.

I know of another major retail chain (a previous customer from my consulting days) that has an antiquated point-of-sale system that stores customer credit cards in plain text, as well as employee Social Security numbers.

These older systems need full security audits and upgrades. Many of these companies are spending millions on Sarbanes-Oxley (SOX) compliance, which can serve as an excuse to upgrade insecure systems, if anything good can come from that excrement of legislation.

My biggest fear is that these seemingly daily reports of security breaches will eventually give our ever-legislation-happy Congress an excuse to draft even more laws for already over-regulated industries. You know they want to, and they will if the business community doesn't begin to take security seriously.
