The risk of a breach of sensitive personal information held by TJX Companies Inc., the US parent company of Winners and HomeSense stores in Canada, was foreseeable, but the company failed to put in place adequate security safeguards, an investigation by the Privacy Commissioners of Canada and Alberta has found.
"The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it - putting the privacy of millions of its customers at risk," says Privacy Commissioner of Canada Jennifer Stoddart.
Geoff Sweeney, CTO of Tier-3 went on to say that the TJX systems hack could easily have been prevented if the company had adequately protected its customer card database, as is the norm in most firms.
"Even though TJX got off relatively lightly so far, the fact that the legal settlement is already into nine figures should serve as a clear warning to other companies. Protect your customer database and other private information, or face the consequences," he said.
"Newswire reports suggest that TJX has settled its class action lawsuits in the US, Canada and Puerto Rico in connection with the security breach that affected at least 45 million credit and debit cards," said Sweeney.
"Although no precise amounts have been specified, TJX has said its estimated costs were included in a $107 million reserve detailed in its second-quarter financial report and its estimate of $21 million in future costs," he added.