Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

April 01, 2008
TJX Gets Slap on the Wrist

Anyone waiting for the official penalty for TJX's lax handling of, and often egregious disregard for, customer data need wait no longer. I'm sure you all know the story by now of the massive data breach at TJ Maxx (which is owned by TJX), but if you need to catch up quickly, just click here.

According to Network World, under a settlement with the FTC, the company will be required to implement extensive security programs as well as obtain audits by independent third parties every other year for 20 years (that's an audit every other year, not implementing security programs every other year).

The FTC found that TJX failed to take reasonable and appropriate security measures to prevent unauthorized access to a wealth of personal data. The specific charges against TJX, taken from Network World, were as follows:

* Created an unnecessary risk to personal information by storing it on, and transmitting it between and within, its various computer networks in clear text;

* Did not use readily available security measures to limit wireless access to its networks, thereby allowing an intruder to connect wirelessly to its networks without authorization;

* Did not require network administrators and others to use strong passwords or to use different passwords to access different programs, computers, and networks;

* Failed to use readily available security measures, such as firewalls, to limit access among its computers and the Internet; and

* Failed to employ sufficient measures to detect and prevent unauthorized access to computer networks or to conduct security investigations, such as patching or updating anti-virus software.

Going forward, TJX pretty much has to do what any sane and sensible consumer-oriented company should be doing already anyway. Makes you wonder what TJX plans to do once the 20 years are up. Maybe start selling your personal information in store... you know, get a free working credit card number with the purchase of 3 pairs of dress socks!

But things aren't totally finished, as the credit card companies still have a lawsuit against TJX that has yet to be settled. And that'll hit TJX where it hurts most -- right in the wallet.

Posted by pschooff
