Surprise, surprise. A company has giant data breach due to negligent security, but not to worry! They'll protect you by offering you credit monitoring for one year free!

It would be nice if people could spot this B.S. easily by now, but I'm guessing there are a lot that won't so let me spell it out. Credit monitoring is a waste of your time and is likely only offered to make it seem like they're doing something for you when they probably don't. I wouldn't be surprised to find out that the credit monitoring companies have a "data breach plan" where companies can get a bulk discount by offering monitoring to all their victims.

It's a classic win-win-lose. The breach company wins PR points, the monitoring companies continue to make money for not providing any real service, and we all lose.

If you're worried about id theft, just freeze your credit reports!

They had it, they shouldn't have, now they lost it. Same story all over.

The funniest part of this is that they're trying to convince their public that it's a good idea to have a national ID card containing even more data and that they'll be responsible with that data.

Said someone from an anti-ID card group:

"It's inevitably good news for our campaign because it proves to people that this government, and indeed any government, cannot be trusted with this amount of information. For 25 million people this is a catastrophe but it is just a small herald of the national ID scheme which would mean a potential catastrophe for 60 million of us."

TJX, the company that is known for having the largest data breach in history (so far), has not implemented better security and might have gotten worse. The employee that blew the whistle on them has been caught and fired for it.

TJX now has a firm that scours the internet to find bad things posted about them, which is how they found the message and fired him for it. Too bad they don't appear to have hired anyone to beef up operational security or to convince people to use strong passwords.

Hey! That probably means they'll find THIS page. Sweet.

If that's the case, then here's my message to them: Stop storing all that personal data about us against our will and you won't have to pay for more security. You can't lose what you don't have, duh!

TJX has settled under charges that they had insufficient computer security protecting their systems, but the only thing TJX must do under the settlement is upgrade their security. Woo.

And this:

"By now, the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure," said FTC Chairman Deborah Platt Majoras. "Information security is a priority for the FTC, as it should be for every business in America."

If you've been following this breach, the key problem here is two part:

1) TJX is the parent company of several other companies including TJ Maxx. Each of those companies shared data with TJX creating a massive database (and a single target for the hackers).

2) TJX (and others) shouldn't have stored the credit card data in the first place and when they did, they should have used better security.

Though they'll blame "clever hackers" for the breach, the fault instead lies squarely with TJX who's business practice of storing credit cards against people's will along with negligent use of outdated wireless encryption (WEP) first created a giant target and then then left a gaping hole for the bad guys to bea able to go and get it.