Data Breach Security: TJX is Our Fault!
The TJX security data breach is our fault.
TJX Cos. has been ordered to pay $9.75M in a data breach security lawsuit. The data breach settlement will be awarded to 41 states because TJX failed to protect customers’ financial information from a massive computer breach announced in 2007 that exposed millions of customers’ personal and credit card data to hackers.
The settlement amount is probably the largest ever, and it is comically low.
TJX lost somewhere between 40 and 90 million customer records, and there is a good chance yours was one of them if you shop at T.J. Maxx, Marshalls, HomeGoods or A.J. Wright. If only 10% of those breached records were ever used to commit identity fraud (let’s say 7.5 million records, to be conservative), at the average cost of identity theft recovery ($700), the damage to you and me is approximately $490 Million. So TJX paid about a 2% penalty for failing to protect our data. They value the safety of our being a customer at about 2%. They care about their own profits about 98%.
And it’s our fault! Why? Because even after their lax data breach security (they didn’t encrypt their wireless routers in the store, letting our information float, unprotected, in the airwaves), even after their loss of 40-90 million records; even after an expose on 60 Minutes, we continue to do business with TJX Cos! If the guy mowing your lawn stole from you, would you continue to hire him? No! And yet when a $300,000 identity is at stake, we shrug and let apathy take over. Because it is virtual, digital and seemingly unreal. But when it happens to you, and you spend your time and money repairing it, it quickly becomes real. Shame on us for going so quickly back to those who erode our trust. Until we take our role in data breach security seriously, organizations will continue to get off lightly.
The next time an organization makes you part of a privacy breach, penalize them by ending your relationship. That will send a message loud and clear.
Identity Theft Expert John Sileo is America’s top identity theft speaker. His clients include the Department of Defense, FDIC, Federal Reserve Bank, Pfizer and organizations around the world.
If you represent the Federal Reserve you may not know that 33,000 employees’ data was breached because CDs being transported were not encrypted. Not even the Fed is vigilant.