Privacy experts: TJX breach was 'foreseeable'

Privacy experts: TJX breach was 'foreseeable'

Summary: A report by Canadian privacy authorities has concluded that the retailer failed to put in place adequate security measures

SHARE:
TOPICS: Security
0

The risk of a breach of sensitive personal information held by retail giant TJX earlier this year was foreseeable, but the company failed to put in place adequate security safeguards, an investigation by privacy authorities in Canada has concluded.

The report, released on Tuesday, reached some damning conclusions.

"The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it — putting the privacy of millions of its customers at risk," said the privacy commissioner of Canada, Jennifer Stoddart, in the report.

Modern crime made a large-scale breach of this kind inevitable, Stoddart concluded. "Criminal groups actively target credit card numbers and other personal information," she said in the report. "A database of millions of credit card numbers is a potential goldmine for fraudsters and it needs to be protected with solid security measures."

What made such a breach more likely was that the information had been kept for a long time, she concluded. "The TJX breach is a dramatic example of how keeping large amounts of sensitive information, particularly information that is not required for business purposes, for a long time can be a serious liability."

Stoddart said the affair was a "wake-up call" for all retailers.

Sentry Posts Blog

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more

Frank Work, the information and privacy commissioner of Alberta, added: "They must collect only the personal information necessary for a transaction."

TJX disclosed in January that its computer system had been breached, putting millions of credit and debit card numbers as well as other personal information at risk. In May, TJX said it believed the hackers gained access to its information via the Wi-Fi networks.

Details of 45 million customers of the TJX group, which includes TK Maxx in the UK and other stores in Ireland, the US and Canada, had been put at risk.

TJX could offer no comment at the time of writing.

Topic: Security

About

Colin Barker is based in London and is Senior Reporter for ZDNet. He has been writing about the IT business for some 30-plus years. He still enjoys it.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion