Emergent Chaos

I keep trying to avoid commenting on TJX, and keep getting drawn back in. The amount of news and analysis out there is large, and I'm selecting islands in the clickstream. (Any advice on who's covering it well would be appreciated.)

In "TJX Lawsuits -- 45 Million Credit Cards," Pete Lindstrom mentions that there are 18 lawsuits listed in a TJX 10K. Pete discusses the legal situation. My personal opinion is that the 451,000 people whose ID numbers were taken will have a better chance at getting damages from TJX than those whose credit cards were taken. Companies using return management tools that rely on drivers license swipes should consider their risks.

See also "Why Encryption Didn't Save TJX." We need layered defenses, and we need to have honest conversations about what's happening. Getting from here to there might be painful-change often is-but that doesn't mean it's not worthwhile.