In a recent The Register article, the firing of a TJX employee who blogged about security deficiencies was noted…

TJX Companies, the mammoth US retailer whose substandard security led to the world’s biggest credit card heist, has fired an employee after he left posts in an online forum that made disturbing claims about security practices at the store where he worked.

Security was so lax at the TJ Maxx outlet located in Lawrence, Kansas, that employees were able to log onto company servers using blank passwords, the fired employee, Nick Benson, told The Register. This policy was in effect as recently as May 8, more than 18 months after company officials learned a massive network breach had leaked the details of more than 94 million customer credit cards. Benson said he was fired on Wednesday after managers said he disclosed confidential company information online.

Other security issues included a store server that was running in administrator mode, making it far more susceptible to attackers. He said he brought the security issues to the attention of a district loss prevention manager named Allen in late 2006, and repeatedly discussed them with store managers. Except for a stretch when IT managers temporarily tightened password policies, the problems went unfixed.

So happy shiny Liquidmatrix Security Digest readership…

Is he a Blogtard or a Hero?

… and do you have a published, communicated, and monitored employee policy on blogging about your company?


Comments

  1. Blogtard.

    There are better ways to whistle blow if that is what one is inclined to do – especially given the publicity around the security at TJX.
