June 21, 2008

Privacy & Security Watch: TJX Fires Employee for Disclosing Security Problems

As readers of this newletter know, TJX, the parent company of T.J. Maxx, Marshalls, and Home Goods stores, had a serious security breach over a long period of time. (See http://www.TheKuperReport.com/2007/03/stolen-data-from-tjx-tj-maxx-marshalls.htmland subsequent articles on this subject). Well, it seems they still haven't learned from their mistakes. According to this article, a young employee in a Lawrence, KS T.J. Maxx store tried, but failed to convince management that running their server in administrator mode and giving everyone id's with blank passwords was a very bad and insecure thing to do. So he anonymously posted about this lack of security to an online forum. TJX found out it was him and they fired him. No word on whether they address this serious security breach.

Richard L. Kuper
The Kuper Report
http://TheKuperReport.com