TJX's Offer To Its ID-Theft Victims Deserves Scrutiny
More Analysis of TJX's Offer To Its ID-Theft Victims

Canadian Officials Criticize TJX's Data Security

More about TJX from yesterday's Daily Business Update:

"Retailer TJX Cos. failed to put in place adequate security safeguards to protect customer information, the privacy commissioner of Canada said today."

TJX operates the Winners and HomeSense retail chains in Canada. The news article explained further:

"A joint investigation by Canada's commissioner of privacy and Alberta's privacy commissioner was launched after TJX, the Framingham-based operator of such chains as T.J. Maxx and Marshalls, disclosed in January that its computer system had been breached, resulting in the theft of millions of credit card and debit card numbers..."

Perhaps most importantly:

"The company collected too much personal information, kept it too long, and relied on a weak encryption technology to protect it - putting the privacy of millions of customers at risk..."

Do you still want to shop at Marshalls, HomeGoods, and/or TJ Maxx? First, read this background about TJX's out-of-court settlement. Then, read a January 2007 TJX press release about how TJX was improving its data security:

"[TJX] immediately engaged General Dynamics Corporation and IBM Corporation, two leading computer security and incident response firms. TJX has been working aggressively with these firms to monitor and evaluate the intrusion, assess possible data compromise, and seek to identify affected information. These firms have assisted TJX in further securing its computer systems and implementing security upgrades."

Yep! That's the same IBM that suffered its own data breach in February 2007 and lost an undisclosed number of records with sensitive personal data about its employees and former employees.

Last, the N.H. Department of Justice web site posts copies of all data breach notification letters it receives. I checked the site this morning and noticed that TJX hadn't updated their January breach notification letter, portions of which contain old and obsolete information.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

ed dickson

George,

Nice blog. If you would, please drop me a line at EdwardDickson@sbcglobal.net.

Can't seem to find a e-mail address for you.

The comments to this entry are closed.