It is certainly shaping up to be a good week for TJX.
As the whole world enters a new era with the inauguration of US President Obama, TJX’s world view has improved in ways they would not have predicted a few months ago.
On one hand, the company holds its long-anticipated “Customer Appreciation Sale” to ....express our appreciation to customers for their continued support and patronage following the criminal attack(s) announced on our computer systems two years ago (Their words). This event is part of their court settlement, linked to what was then the biggest ever data breach. They are offering a 15% discount off any purchases in their stores, apparently.
On the other hand, it seems their not-at-all-jealously-guarded record may well have been taken from them in the same week, with the colossal breach at Heartland Payment Systems, whose attempt at news management seems to have backfired. They have been castigated widely not only for the breach, but for their crass attempt to bury the news in Inauguration Day.
It’s a great week for TJX, then. They have the prospect of the security world switching its byword for a huge breach from “TJX” to “Heartland” at the same time as they get publicity for a 15% sale. Now I maybe a touch cynical, but in the current economic climate anyone who only gets a 15% discount off any High Street retailer is not really trying very hard.
But what does this tell us about lessons learned in IT security? Two years on from the TJX breach, an even bigger incident, sounding remarkably similar in nature from initial reports, hits the headlines. Both firms promised to invest heavily in new security straight after the event. Isn’t it time for increased corporate accountability? And isn’t PCI supposed to ensure we avoid events such as these?
We don’t know much yet about the details of the Heartland breach, but the ramifications have to extend beyond the company itself. In the meantime, while we wait for the details, let’s smile for TJX who are having a really good week.