Lawrence (KS) – TJ Maxx employee Nick Benson thought he was doing a good deed by posting his work’s security horror stories on a popular web forum, but those posts recently got him fired.  23-year-old Nick Benson used to be employed at the TJ Maxx store in Lawrence Kansas and he saw several instances of horrible security practices like supervisors posting usernames and passwords on Post-IT notes (who hasn’t seen that), passwords set to match usernames and even blank passwords.

Benson, who had worked for the company since October 2005 as a cashier, said he informed supervisors and loss prevention of the problems after reading about the massive data theft against his company by several hackers.  In that case, tens of millions of accounts were compromised after the criminals hacked the wireless access point and copied information from the Point-Of-Sale computers.

Benson began posting his findings to sla.ckers.org under the handle ‘CrYpTiC_MauleR’ and you can read that forum thread here. TJX apparently hired a computer security firm to track down Benson and fired him a few months later.

Read more … The Register.

So they can hire the security firm...

May 29, 2008 07:56     

...to track down their employee, but not to fix their security issues. Unrelated, but I hope bad press from security issues like this really starts to hurt businesses that take securing your personal information lightly. Here in the states a number of resturants chains have been wiped out or severely hurt due to food contamination issues. This causes others to step up their policies to prevent similar problems. I wouldn't mind seeing the same thing with loose security of personal data...

WtF report abuse vote down vote up Votes: +3