An Information Security Place

I just read this story over at SearchSecurity.com about the TJX breach.  It looks like someone is suing TJX because they didn’t release information about the breach soon enough.  The lawsuit also asks for TJX to provide credit monitoring, which TJX has said they won’t do.

A couple of things here.  Often this type of security issue is a catch-22 because you have to weigh public opinion with security reality.  If what TJX says is true about why they didn’t release info on the breach for a month, then I am OK with the delay (they say investigators asked them not to release the information at the start of the investigation, and they say it allowed them to figure out what happened and secure their system to prevent further breaches).  And if the proof holds up to this reasoning, then they can win that in court.

However, not providing credit monitoring could be a mistake.  TJX chairman Ben Cammarata says, “Based on the type of data involved in the breach of our systems, we don’t believe that such monitoring will be meaningful to customers.”  Uhhhh, do they know about this story??  Looks like some of the data stolen from TJX is being used to make fraudulent purchases.  And regardless, this is a public perception type of thing, Mr. Cammarata.  Even if the data was totally useless, it makes sense to dole out the funds to customers just to make them feel better, and to make them feel like you give a crap.

Of course, TJX may just be hedging their bets because these types of issues tend to blow over in a few weeks in the general public’s eye (I don’t think there are too many soccer moms reading my blog).  Of course, they could possibly loose the lawsuit and have to provide monitoring, and I think they will in the face of that story, if the case even makes it to trial.  They probably have good lawyers, and the whole thing will likely be settled out of court anyway.  Everyone involved will get 5 bucks, and it will be done.

So much for public disclosure laws.

Vet

There’s a new security blog out there, and it’s from the Great White North. It is called Security Views, and the guy who runs it is named Scott Wright.

I would like to welcome Scott to the fold. Good luck.

And of course, this post about a Canadian blogger would not be complete without a link to a clip from on of the greatest movies of all time, namely Strange Brew!

[ev type="youtube" data="A3DYbE44OIE"][/ev]

Vet

I apologize if you have made comments on some of my posts and have not seen them show up.  Akismet has had a few false positives over the last few days, and I am starting to get so much comment spam that I can’t catch them all.

Vet