TJX: Dumber and Dumbererest

Just when you thought the TJX data breach couldn't get any uglier, it does.


In documents filed with the court last week, a group of New England banks claim that the clue-challenged retailer had 94 million credit card numbers stolen by hackers - or more than double the previous number TJX had claimed.

The other numbers are equally staggering:

  • The hackers moved more than 80GB of data across the Net from TJX's servers to a site in California. TJX never noticed.
  • The thieves had a sniffer running on the TJX servers for more than 7 months, stealing unencrypted data as it passed through the network. TJX never noticed.
  • Estimated losses from the theft range between $68 million and $83 million - surpassing the biggest bank heist of all time. Of course, TJX doesn't have to pay out; the banks do.
  • TJX failed to follow 9 of the 12 high-level security procedures outlined by the Payment Card Industry guidelines (but hey, 25% is better than nothing, right?).
  • According to the banks, security consultants notified TJX back in 2004, or about a year before the breach occurred, that its systems were about as secure as wet tissue paper.

Yet despite all this, sales at the company's stores (which include TJ Maxx, Marshalls and Bob's Stores) are actually rising.

I can only think of one thing dumber than TJX's behaviour in this case, and that's anyone who still shops at their stores. Or at least, who pays with anything but cash.