"Among other things, the company protected wireless networks with Wired Equivalent Privacy, an encryption scheme that can be broken in less than an hour using off-the-shelf hardware and software"

If you use WPA, you can't play network games on your Nintendo DS during your lunch break! Who cares about data protection, staff welfare comes top...

Pity they 'TJX' did not try and save even more and outsource to China, that would have been fun.

For the love of Christ! Talk about a slap on the wrists! Those bastards should be run out of business for being that f-ing stupid. I've worked cleanup on several smaller security breaches, involving credit card theft and proportionately, that is nothing compared to the fines that are being handed down by the CPI folks, to vendors who have had problems.

One merchant I worked for spent over 100,000 dollars in fines, fees and other associated costs over 20 fraudulently utilized credit cards, that were ultimately traced back to their establishment. While the fines, in my opinion, were a little on the heavy side for such a small merchant, 40 mil is nothing for a giant like TJX. And when you look at the number of cards compromised vs the penality they received, compared to the fines that smaller merchants are getting, TJ Max is essentially getting a free pass for fucking up.

What the hell is wrong with this picture?!

Peanuts , compared to the undeclared annual fraud losses to all tourist users of Mastercard and Visa for many foreign banks funding the wealthy lifestyle of a number of very well connected thieves and pirates in those two countries alone!

The thieves in both those two countries make the 419'ers in Nigeria look like they have yet to graduate from kindergarten and have very deep hooks with extensive payola scams into the numerous government and assorted bank officials as well !

What price a choice ?

"And when you look at the number of cards compromised vs the penality they received"

even with my shoddy maths, i make that less than a dollar a card. disgraceful.

I agree with you completely, which is why I am so outraged with what I feel is a slap on the wrist, for a corporation like TJ Max. Personally, I think the fine should have been 20 times higher. Secondly, I think the credit card companies should have gotten spanked, too. If their cards weren't so easily duplicated, either physically or by electronic means (eCommerce), then maybe we wouldn't be in the mess we are today.

Furthermore, if they weren't so stupid and were dealing credit cards out to every fool with a pulse then maybe we wouldn't be paying loan-shark-like interest rates.

A late comment but perhaps of interest: I went into a TJX store today, a "Winners/Homesense" place. To my delight they had a stock of excellent Costa Rican Terrazu coffee. When I went to pay, however, the bastards tried to nail me for both provincial and federal sales taxes. (Geographic reference: British Columbia, in Canada)

Coffee beans are subject to neither of these taxes. It took 5–10 minutes for the cashier to figure out the rather elaborate sequence of keystrokes necessary to override what the TJX computer thought the tax status of these goods was.

I don't understand why this was a problem, since every store in BC has to cope with the fact that some goods are not taxed at all, some get only provincial sales tax, some only federal, and some both. (Except food items, most items fall into the last category.) What I smell is an underhanded way to collect taxes that may never be remitted to the relevant government. But it may be, like their credit card data fiasco, simple incompetence.

Another data point re corporate IT incompetence.