Skip to main content

TK Maxx - seriously hacked, but I told you so...

I was more than a little amused at the flurry of media activity on Friday about the computer systems of TJ Maxx's parent company, TJX, being well hacked until January of this year.

Amused, because I actually reported on this saga in January and February, with the comment that the sage was likely to run and run.

It seems that the situation, which resulted in the transaction details of more than 45 million cards worldwide being potentially open to fraud, merited a financial filing by TJX and this was the hair trigger that set off the reports from the mainstream media.

The financial filing confirms what I suspected all along, namely that the card data was not encrypted on TJX's computer systems.

It's also interesting that the card transactions from TJ Maxx's UK stores are being processed - in sterling - in the US.

This is an interesting development on the card processing front and could have serious repercussions on the data protection front, since normal UK and EU data processing legislation is only partially valid in such cases.

I doubt, for example, whether the UK's Informationer Commissioner, would have anything to say about the TJX hack, other than to shake its collective head and say little more than tsk.

Which just goes to show how poorly-equipped the UK's legislation is to cope with global cybercrime issues...