Employee Canned for Exposing Blank Passwords at TJX
The Register is reporting that a TJX employee was fired for Internet postings about blank passwords on company servers as recently as a few weeks ago. After the long, drawn-out saga of their data breach last year, this is the last place you'd expect to hear these accusations. Assuming the accusations are true, should the employee have been fired?
Yes, he didn't do enough to get the problem fixed:
He said he brought the security issues to the attention of a district loss prevention manager named Allen in late 2006, and repeatedly discussed them with store managers. Except for a stretch when IT managers temporarily tightened password policies, the problems went unfixed.
and
"Not one single thing was done. My store manager even posted the password and username on a post-it note. I told her not to do that."
One letter to the CEO, the auditors or the consultants brought in to help with security could bypass mid-level management stonewalling. Going public is a whistleblower's last resort, and this case doesn't seem to have reached that point yet.
One has to wonder who in the management chain was fired along with the employee. If these reports are true and they are not isolated to a single store, then there is a profound organizational problem that needs to be addressed quickly. Firing one employee and maybe a local manager or two isn't going to do it.
In the meantime, I'll continue to shop elsewhere.



