RSSSecurity lapses might cost you more than your reputation
At least if new developments in the TJX data breach case play out in favor of the plaintiffs.
Several banks are suing the company, which probably first came to your attention earlier this year as yet another in a long string of companies to lose valuable customer data, in hopes of recovering some of the losses they incurred for covering the clean up from the mess. As most card holders are aware, the card issuer is responsible for dealing with and absorbing the costs of lost or stolen cards as long as they are informed in a timely manner. But while the pain and difficulty of cleaning up your personal matters is generally incentive enough to keep track of your cards on an individual basis, apparently the resulting poor publicity has done little to persuade retailers—the other half of the exposure—to do likewise.
According to court documents published by Larry Dignan, the banks are alleging that TJX's neglect of security best practices was both known to the company and directly responsible for the breach… and since TJX, therefore, could have prevented the loss, it's time for them to pay up.
As Dignan notes, this case may provide significant precedent to encourage retailers to deal with card information more carefully… and that's a good thing.
It’s amazing that companies that deal with sensitive, confidential type of consumer information aren’t following best practices. I went to a presentation once where an FBI special agent indicated most breeches like this aren’t ever reported. One reason is of course reputation for the company, but if others start to get sued over similar lapses in data security this might drive companies toward better, tighter security practices in the first place.
http://thehub.rasmussen.edu