Are You Kiddin' Me?, General, Security

TJ Maxx Latest News

March 30, 2007

Today, I read a very interesting article by Evan Schuman of eWeek regarding the TJ Maxx data theft. The title of it made me pause: “The Nightmare Scenario: What if TJX Did Everything Right?”. I admit, I had thought of that previously but dismissed it since TJX was being rather tight-lipped about the incident. To me, that silence meant they must have been negligent in some way. And, since my wife’s data was stolen in the TJX database hack, that sealed my opinion. However, as I said, the title of that article caused me to reflect, what IF TJ Maxx did everything right?


Get Equifax Credit Watch
It appears that TJX WAS encrypting data and it appears that the thieves got around that encryption by stealing a copy of the software encryption key AND by stealing the data just before it was encrypted. That should make ANY retailer perk up and take note.

This information in itself still does not mean that TJX did everything right; it just means that there may be more to the story. MasterCard did confirm that TJX had violated the PCI rules, but maybe the majority of the problem was because the thieves were really good at their job as opposed to TJX being really bad.

We still do not know exactly HOW the thieves got access to the encryption software, if it was an inside job or if they found it during their intrusion. But, maybe we will get more information in the coming days and weeks. Anyone with an e-commerce website or retail store should pay particular attention to this case because there are sure to be some valuable lessons learned.

As for me, I suppose I should reserve final judgment until the dust settles. I am still not shopping there, although I bet they are about the most careful retailer out there when it comes to sensitive data.

designer

CCT

Are You Ready?

When you are ready to get more specific information about your project, click here and fill out our handy online form for a free web design quote.

Get My Free Quote

you need a website?
we can help

    order a project

    arrow

    Recent Posts

    In Web Design

    Domain Name Services fake letter.

    Are You Kiddin' Me?, General, Security

    Domain Name Services Scam - Kind of

    Mar 30, 2007

    Today, I read a very interesting article by Evan Schuman of eWeek regarding the TJ Maxx data theft. The title of it made me pause: “The Nightmar...

    Captivating Website Design - Morehead City NC

    Are You Kiddin' Me?, General, Security

    Web Design Basics

    Mar 30, 2007

    Today, I read a very interesting article by Evan Schuman of eWeek regarding the TJ Maxx data theft. The title of it made me pause: “The Nightmar...

    Dynamic Web Design in Morehead City NC

    Are You Kiddin' Me?, General, Security

    Three Common Web Design Mistakes

    Mar 30, 2007

    Today, I read a very interesting article by Evan Schuman of eWeek regarding the TJ Maxx data theft. The title of it made me pause: “The Nightmar...

    arrow

    Go to our blog