No More Optimism

How long have we been hearing about this TJX mess? It’s hard to believe, but the news broke last January: Intruders had stolen credit card transaction data about customers of T.J. Maxx, Marshalls and other TJX stores. Back then, TJX claimed that “a limited number” of customers were affected. “And by ‘limited’ we mean substantially less than millions,” a spokeswoman said.

Last week, we got a harder number: 94 million customers.

How could TJX have been so spectacularly wrong?

One word: optimism.

Oh sure, these people might just be lying SOBs who deliberately covered up the awful news. But what we know suggests they really were concerned — just clueless as to how bad it could get.

Consider this: Back in January, TJX thought the breach came in mid-May 2006. But within weeks, an investigation by IBM and General Dynamics found that the first intrusion had happened almost a year earlier, in July 2005 — not seven but 17 months before it was discovered.

In January, TJX said the number of customers affected was under a million. But the New Hampshire Bankers Association, which represents banks that issue credit cards in that state, estimated that up to 4 million people were affected just in New England.

By March, TJX’s estimate in filings with the U.S. Securities and Exchange Commission had ballooned to 45.6 million credit accounts. The company is still officially sticking with that number. But in court filings last week, a group of banks said that 94 million separate credit and debit card accounts were affected — 65 million Visa accounts and 29 million MasterCard accounts.

That’s 100 times TJX’s first estimate, and so astonishingly out of whack with the original statement that if it was an intentional lie, it was doomed to be unbelievable from the start.

But optimism? Yeah, we can believe that.

After all, IT people know how seductively dangerous optimism can be. It’s the reason we routinely overrun project budgets and timelines. It’s why user training always takes longer and is less effective than we expect it to be. It’s the root cause of most of our software problems and hardware headaches.

We underestimate what can go wrong. And when it does, we’re not prepared. In fact, we’re blindsided.

Read the entire article at ComputerWorld.