Security Insights

by Gene Schultz, PhD, CISM, CISSP


TJX in the News Again

TJX is once again in the news. Nick Benson, now a former TJ Maxx employee in Lawrence, Kansas, was recently fired for posting entries on a news group site concerning poor information security practices within TJX.

Benson’s postings state, among other things, that after the news of the massive data security breach at TJX surfaced, TJX had announced that many of its security practices were being tightened. Benson noticed, however, that the password for employee computer access at his store was blank and that it was possible to choose a password that is identical to one’s username.

The basis for firing Benson was unauthorized disclosure of confidential information.

My first reaction when I read this news item was that it was quite foolish of Benson to risk all that he did and ultimately pay the price he did simply to expose his employer’s owner corporation for its alleged poor security practices. But then I got to thinking about the magnitude of the data security breach that TJX experienced well over a year ago and the fact that dismally poor security practices were so directly linked to this massive breach.

As part of the settlements that were reached as the result of this breach, TJX agreed to make a large number of improvements in its practice of security. What Benson appears to have uncovered and then announced was the fact that TJX is ostensibly not complying with the terms of these settlements—a potentially very serious issue. Perhaps worse yet, TJX, by its apparent failure to adequately protect its own systems, could still be exposing its customers to the potential of identity theft.

One would think that after what many TJX customers went through as the result of its gigantic data security breach, there would now be a greater amount of corporate concern and conscience regarding the welfare of its customers, but apparently not.

To me, therefore, Benson is now starting to look more and more like a hero. I predict that Nick Benson will soon find another job, if he has not already done so. I would, in fact, be most happy to help him find another job, should he choose to send me his résumé.

To me, however, the bigger issue concerns the need for change within senior management at TJX, management that appears to simply not get it when it comes to information security issues.

Ugly stories about TJX and its security deficiencies are being widely circulated in the media, hurting this company’s reputation in the eyes of the public considerably. Additionally, the possibility of legal consequences in which TJX may have to pay huge fines and face even more lawsuits than it currently faces and in which officers of this corporation could also face fines and possibly even jail time is now higher than ever.

As far as my own personal behavior concerning shopping at TJ Maxx and Marshalls stores goes, I continue to refuse to use my credit card for anything I purchase at both of these stores.

I recently purchased about $40 of merchandise at a local TJ Maxx store, and when the person at the check-out counter asked me if I wanted to pay by cash or credit, I immediately replied “cash.” I then explained why, but apparently to no avail. Interestingly, the TJ Maxx employee had heard neither of TJX’s massive data security breach nor of lax security practices within this chain of stores. I walked away wondering if the same might be true of TJ Maxx senior management.
