2007 - The Year of the Data Breaches
It wasn't the only incident of data (in)security this past year, but it was possibly one of the worst data breaches in history. The story of the T.J. Maxx data breach is perhaps little known by the general population, except by those who were victimized. That's reportedly nearly 100 million records of shoppers who used their credit cards last year at those stores. Even with its satirical tone, Chief Security Officer magazine rated this the worst of the worst of the 2007 data security breaches.
The TJX Companies, a large retailer that operates over 2,000 retail stores under brands such as Bob's Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright, said on Wednesday that it suffered a massive computer breach on a portion of its network that handles credit card, debit card, check, and merchandise transactions in the U.S. and abroad.
Certainly, at the time, the press was full of stories about the breach and its potential impact. But what is now being disclosed is that the T.J. Maxx people may have known about the data breach as much as two months earlier than they've let on. Some reports now suggest that TJX learned of its massive data breach on Oct 3, 2006, more than two months earlier than it told the government it first learned of the breach, according to an attorney representing one of the banks suing the retail chain. The time lapse is attributed to the "planning" of the announcement and to the fixes that were to be put in place.
A presentation I attended on cyber security a few weeks ago emphasized the T.J. Maxx data breach. But it's not just T.J. Maxx and credit card information that gets stolen. In 2007, there were numerous other reports of data breaches at federal agencies, at universities and at businesses. The FTC website, "Dealing with a Data Breach - Deter, Detect, Defend - Avoid ID Theft", gives a good overview of steps to be taken.
It is also reported that as many as half a million database servers aren't protected by firewalls; security experts contend the findings constitute a call to action for security pros and database administrators everywhere.
As we enter the final stages of the holiday online purchasing season, cyber security is more important than ever. Cyber security starts right at home with your own computer. It starts with maintaining security on your own business computers. It's not just having an anti-virus/anti-phishing software program on your systems. It's not just having a firewall on your servers or personal computer. It also includes password security. Is your password a static and reusable one, or is it one-time and dynamic? Hopefully, you aren't one of the people who use Post-It Notes to write your passwords. Even more so, hopefully you don't have a file on your computer listing all of your key passwords.
One of your New Year's resolutions should be evaluating your computer and data security and making changes and upgrades.