« Army, Navy, Air Force, IT | Main | The Superbowl Hack »

The recent report of a data breach at TJX companies, which is the parent company of TJ Maxx, would make a perfect cautionary tale of how not to store data five years ago, let alone in 2007.

As detailed by EWeek, "TJX officials said that outsiders were specifically able to gain access to the portion of its computer network that retains its customers' credit card, debit card and check information, along with data related to merchandise return transactions."

The breach included data all the way back to 2003, and the blame can be laid squarely on TJX, which did nothing to secure the data. And while TJX is still trying to keep the full story under wraps, apparently the data involved included customer records that were stored much longer then what is considered reasonable.

This story seems a clear case of a company unwilling to recognize the digital threats of the world we live in and were unable to see the value of data they thought worthy enough to gather and keep, but not to protect. Very simply, the customer data at TJX was not secured and encrypted in any way, and was really just waiting for someone to come take it.

As EWeek stated, it’s not entirely the fault of management who appoints a CIO then fires the CIO when something tech goes wrong. Blame can also be assessed to the technical staff, a few who must have been aware of the availability of all this unprotected data and never bothered to mention the looming disaster with upper management.

The simple lesson is this is not to wait for governmental regulation regarding cusomter data but, if you see the potential for a data breach within your data storage, say something, and say it load. After all, the survival of your company could depend on it.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1267