Friday, March 30, 2007

Hacking TK Maxx

TK Maxx has been "hacked", 45 million customers have had their credit card details stolen over a period of time.

The BBC has this here.

The security breach raises two questions. The first is one of how sensitive data is stored by organisations, the second is do they actually need to retain this information?

Both commercial organisations and government need to realise that if data is held then people will try and hack the data. The more data you have and the more complete it is the more valuable the prize.

In short one big ID card database is a very very bad idea.

9 comments:

Gavin Ayling said...

You're forgetting that private companies have a reputational incentive not to allow this sort of thing to happen... A government wouldn't even have that!

The Labour Party is mad on this issue!

Benedict White said...

Well, yes. However we are assured that there will be all sorts of security. I am not convinced because at some point someone will figure out how to break it.

Marquee Mark said...

If you want to get our Tin-foil hat dusted down, try following the threads about Total Information Awareness on this site:

http://www.waynemadsenreport.com/

In short, systematc data thefts to populate super-computer systems that have information databases on us all. Having been prevented from gaining the information legitimately, the spooks are going about colllecting it by other means.

So - question: should the UK and US governments swap data to populate these systems? And should they still swap it if the data was collected by improper/illegal means?

Benedict White said...

Marquee Mark, Well I don't know what the secret services are doing. If we have an ID card database it could be open to all sorts of people to look at though.

Welshcakes Limoncello said...

I was horrified to see this story on "Sky" last night - not that I shop in the store, not out of snobbery but because I can't stand stressful stores. Do you think it will happen to other retailers? It's scary but as you say, the retailers have to realise that they are likely to get hacked, and maybe employ hackers to get ahead of the hackers, if you see what I mean. [I'm not sure I do but I know what I meant when I started!]

Benedict White said...

Welshcakes, It could happen to anyone who stores credit card information. In principle once a transaction has cleared and been authorised I can't see any need for the retailer to hold the information.

Yes they should employ hackers to try and break the system, but the retailers and banks need to learn that you can always get someone one the inside.

Anonymous said...

I am tempted to say that if people are foolish enough to shop at tk maxx then they deserve everything they get..

Benedict White said...

Anonymous, at 10.26, Well perhaps, but you wouldn't surely be that uncharitable? :)

Anonymous said...

Hey, I recently added a news widget from www.widgetmate.com to my blog. It shows the latest news, and just took a copy and paste to implement. Might interest you too.