(Image used under: Creative Commons 2.0 [SRC][Mod])

TJX, the company that is known for having the largest data breach in history (so far), has not implemented better security and might have gotten worse. The employee that blew the whistle on them has been caught and fired for it.

TJX now has a firm that scours the internet to find bad things posted about them, which is how they found the message and fired him for it. Too bad they don't appear to have hired anyone to beef up operational security or to convince people to use strong passwords.

Hey! That probably means they'll find THIS page. Sweet.

If that's the case, then here's my message to them: Stop storing all that personal data about us against our will and you won't have to pay for more security. You can't lose what you don't have, duh!

(Image used under: Creative Commons 2.0 [SRC][Mod])

TJX has settled under charges that they had insufficient computer security protecting their systems, but the only thing TJX must do under the settlement is upgrade their security. Woo.

And this:

"By now, the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure," said FTC Chairman Deborah Platt Majoras. "Information security is a priority for the FTC, as it should be for every business in America."

(Image used under: Creative Commons 2.0 [SRC][Mod])

Remember that TJX, the idiot company responsible for the biggest data breach in history, managed (somehow) to have part of their punishment include having to put their products on sale (oh, curses!)? Well, some Attorney Generals aren't satisfied with that.

It's nice to know that someone in a position of authority is actually paying attention.

(Image used under: Creative Commons 2.0 [SRC][Mod])

If you've been following this breach, the key problem here is two part:

1) TJX is the parent company of several other companies including TJ Maxx. Each of those companies shared data with TJX creating a massive database (and a single target for the hackers).

2) TJX (and others) shouldn't have stored the credit card data in the first place and when they did, they should have used better security.

Though they'll blame "clever hackers" for the breach, the fault instead lies squarely with TJX who's business practice of storing credit cards against people's will along with negligent use of outdated wireless encryption (WEP) first created a giant target and then then left a gaping hole for the bad guys to be able to go and get it.

Darn those hackers... so clever.

(Image used under: Creative Commons 2.0 [SRC])

This is so, so stupid. It's not weak security, its that you data-abused us for all our customer data that we didn't want you to keep anyway. If you hadn't stored all the data on us, you couldn't have lost it.

In addition to pilfering over 45 million—and possibly as many as 200 million—credit card and debit card numbers, the hackers were also able to obtain other personal data from over 450,000 customers. This included driver's license numbers and Social Security numbers.

I already know they don't need to store our credit cards, but licenses and SSNs?

You wouldn't have lost it if you didn't take it in the first place.

(Image used under: Creative Commons 2.0 [SRC][Mod])

In a not so surprising story, some large chain stores have been hacked and had their databases of customer information stolen creating a risk for their customers.

The end result is that consumers are often left completely in the dark when data breaches occur, wondering if they dodged a bullet, or if the inconvenience and frustration of fraud is simply waiting to hit them at a later date.

I hate these stories. If they didn't store so much data in the first place, this wouldn't even be a problem.