
Flimsy security safeguards blamed...
By Colin Barker
Published: 27 September 2007 08:53 GMT
The risk of a breach of sensitive personal information held by retail giant TJX earlier this year was foreseeable but the company failed to put in place adequate security safeguards, an investigation by privacy authorities in Canada has concluded.
The report, released this week, reached some damning conclusions.
The privacy commissioner of Canada, Jennifer Stoddart, said in the report: "The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it - putting the privacy of millions of its customers at risk."
silicon.com's Full Disclosure campaign - what we are asking for...
silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below, emailing us at editorial@silicon.com or signing the 10 Downing Street e-petition.
Modern crime made a large-scale breach of this kind inevitable, Stoddart concluded. "Criminal groups actively target credit card numbers and other personal information," she said in the report. "A database of millions of credit card numbers is a potential goldmine for fraudsters and it needs to be protected with solid security measures."
What made such a breach more likely was that the information had been kept for a long time, said Stoddart. "The TJX breach is a dramatic example of how keeping large amounts of sensitive information, particularly information that is not required for business purposes, for a long time can be a serious liability," she said.
Stoddart said the affair is a "wake-up call" for all retailers.
Frank Work, the information and privacy commissioner of Alberta, added: "They must collect only the personal information necessary for a transaction."
TJX disclosed in January that its computer system had been breached, putting millions of credit and debit card numbers as well as other personal information at risk. In May, TJX said it believed the hackers gained access to its information via the wi-fi networks.
Details of 45 million customers of the TJX group, which includes TK Maxx in the UK and other stores in Canada, Ireland and the US had been put at risk.
TJX could offer no comment at the time of writing.
Colin Barker writes for ZDNet UK
Ideally you will have come from a credit card/ banking background. Business Analyst. You will have recent experience of working within Bank that ...
Job Title: Campaign Analysis Manager Location: London Salary: 55,000 - 65,000 + Bonus, London Weighting (3,500) & Benefits Overview To lead ...
Deliver a report recommending measures to ensure compliance with the data protection legislation. You will need to have practical expertise in the ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business