
May 22nd, 2008

TJX whistle blower sacked?

Posted by Larry Dignan @ 2:54 pm

Categories: General, Security, Software Infrastructure

Tags: TJX, CrYpTiC_MauleR, Security, Larry Dignan

TJX, the retailer that was hit with a major security breach, has sacked a whistle blower who was exposing the company’s security issues.

According to the ha.ckers.org site:

I had some very disturbing news today from one of the forum users - he had just been fired by TJX for whistle blowing on their security issues. CrYpTiC_MauleR, whose posts on TJX can be found here, was fired today by TJX for talking about the company’s security flaws. This is the same company who recently lost millions of credit card numbers, for those of you who don’t recall. They tracked him down by IP (we’re still not completely sure how they did this, but we think it may have to do with a DynDNS account he uses), contacted his ISP to find out who he was, brought him into the office, questioned him about what he found, asked for him to write down his thoughts on how to fix the issues and then promptly fired him.

I completely understand why a company would want to reduce their risk, but this doesn’t bode well for future would-be whistle blowers, or for the future state of security for TJX. CrYpTiC_MauleR has been a long time poster on sla.ckers.org and has made a lot of contributions…

Now this is all a little bit hard to verify–it’s not like TJX is going to talk about personnel issues. Meanwhile, the full name of CrYpTiC_MauleR isn’t known. However, we have it on good word that this actually happened.

And now for the big question: Should this whistle blower have been fired? I’d have to argue that TJX was right to fire CrYpTiC_MauleR. It’s noble to be a whistle blower. It’s another thing to disclose internal information in a hacker forum–especially as TJX was trying to recover from its security breach.

What’s your take?

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.


  • Talkback
  • Most Recent of 13 Talkback(s)
RE: TJX whistle blower sacked?
Erm, has anyone read what he's actually said? The information is way too general to be of any real use to anyone... including hackers. 'Their passwords are too simple to be safe' - not a lot of inform...
Posted by: Infosys employee Posted on: 10/25/08
