by Mike Masnick
Mon, Oct 29th 2007 6:19pm
In the last few years, every time a massive data breach is reported, you can be assured of one thing: a few weeks after the initial report comes out, a second report will come out admitting that the breach was worse than previously expected. We saw it with Choicepoint. We saw it with the VA. It seems to always happen. In fact, with the now infamous TJX breach, we'd already mentioned that the problems were worse than originally announced -- making it the largest such breach ever reported. This wasn't surprising once you found out just how incompetent the company was -- failing to comply with nearly all of the credit card company's security guidelines and leaving their entire system wide open to anyone who could hack a simple insecure WEP WiFi system (something that's quite easily done). The data from the breach (unlike many other widely announced breaches) has already been used in numerous frauds, costing upwards of $60 million. With such astounding incompetence and a breach so large, should it come as any surprise that even the updated breach numbers weren't complete? That's right, thanks to documents being filed in the lawsuits against TJX, it's now coming out that the breach has impacted even more people than was earlier announced. Of course, the question still remains whether or not the punishment the company receives will matter. It doesn't seem like anything is really done to stop companies from being so careless, and there's no indication that's going to change in this case either.
If you liked this post, you may also be interested in...
- Yahoo's Security Incompetence Just Took $250 Million Off Verizon's Asking Price
- Ohio Arsonist Gets Busted By His Own Pacemaker
- The Codification Of Web DRM As A Censorship Tool
- The Story Behind The Hackers Behind The Largest Credit Card Number Heist
- Looks Like The Guy Who Set The Record For Largest Credit Card Breach Was Breaking His Own Record