TJX fires security whistleblower

Posted by Humphrey Cheung

Lawrence (KS) – TJ Maxx employee Nick Benson thought he was doing a good deed by posting his work’s security horror stories on a popular web forum, but those posts recently got him fired.  23-year-old Nick Benson used to be employed at the TJ Maxx store in Lawrence Kansas and he saw several instances of horrible security practices like supervisors posting usernames and passwords on Post-IT notes (who hasn’t seen that), passwords set to match usernames and even blank passwords.

Benson, who had worked for the company since October 2005 as a cashier, said he informed supervisors and loss prevention of the problems after reading about the massive data theft against his company by several hackers.  In that case, tens of millions of accounts were compromised after the criminals hacked the wireless access point and copied information from the Point-Of-Sale computers.

Benson began posting his findings to sla.ckers.org under the handle ‘CrYpTiC_MauleR’ and you can read that forum thread here. TJX apparently hired a computer security firm to track down Benson and fired him a few months later.

Read more … The Register.