Back in March, TJX Stores disclosed that 45.7 million credit card numbers, along with customer personal information, were stolen. In addition, 455,000 driver’s license numbers were stolen. Today they released a statement not admitting fault but accepting all of the network and policy changes recommended by the federal agents’ investigation. (How’s that for a fine line?)
T.J. Maxx, Marshalls, Home Goods, AJ Wright and Bob’s Stores in the US, plus additional brands in the UK, Canada and Ireland, are all affected.
Criminals hacked the network from a wireless connection at 2 Miami-based stores. Because that wireless connection was not properly secured, 45.7 million people are likely to have their credit cards stolen. So if you shopped at any of those stores, watch your credit cards carefully, because your number is now for sale on the Internet.
I had my credit card numbers stolen once. It’s a hassle, and they don’t go after the people that use these numbers illegally. I was mad enough to go to court, then I found that I didn’t have standing. Even though I had to pay $50 to Visa, to our legal system Visa is the injured party, not me.
My loss was $50 and a bunch of time. Fortunately they didn’t have enough information about me to steal my identity. If they did, they would have opened additional credit cards in my name and ruined my personal credit while making my life a living **ll. This is where businesses have to be very cautious. While I can’t sue the person who used my card, I can sue the company that gave out my personal information. TJX Companies is facing down a class action lawsuit right now, and actually moving forward with that will probably save them a lot of money. But small companies like ours don’t have pockets that deep.
It really only takes a very small number of lawsuits to bring down a small business like the ones we run. We all have customer data. Even if we don’t have credit card numbers, we have other personal information, and it’s probably enough to let the bad guys open a credit card with. Don’t think that you don’t have valuable information. You do, and hackers are no longer out to just delete stuff off your network; they are out for cash. So any names, phone numbers and addresses are a valuable commodity, not to mention passwords, usernames, driver’s license numbers, credit cards, and the king of them all, Social Security numbers. Even if you don’t hold this information for your clients, you probably do for your employees.
There are two things to do:
1. Don’t ask for information you don’t need.
2. Destroy your old data on a regular schedule.
Breaking it down.
If you don’t absolutely have to have that information, then don’t ask for it. Every piece of data you have is a potential liability waiting to happen.
When you are done with it, destroy it. TJX wouldn’t be in this spot if they didn’t keep data so long. Theirs went back to 2002. They haven’t publicly said what the new policy is going to be, but expect it to be only a few months. Then automatic destruction.
Here’s what you should do today: Set a Data Destruction Policy. Use the highest security available for your wireless connections. Yes, it can be annoying, but it’s your company we’re talking about here. Being secure is worth the price. Because finding out after the fact can be deadly.