
April 3, 2007

Taking data loss to the Maxx, part 2

I’m a bit worried. A couple of years ago I think I bought a pair of pants in TK Maxx; I’m not proud of it, but Calvin Kleins for £8 – bargain or wot? Actually, probably not if someone is currently siphoning all of the cash from my bank account into an offshore terrorist fund.

Yes, as you’re all doubtless aware, high street vendor of ill-fitting sports casual-wear, TK Maxx, has come a bit of a data breach cropper. The full extent of the loss is probably still to be confirmed, but it’s already the biggest by miles: over 40 million card details nabbed over a period of a couple of years or so. Depending on who you listen to, the technology out there that could deal with this is either mature enough or it isn’t; either way, that’s no excuse for the retailer having nothing in place to mitigate the risk of attack.

What is true is that some kind of database monitoring technology would have been smart, to see if anyone was trying to attack it, or if trusted insiders were doing something they shouldn’t have been. Payment Card Industry (PCI) standards were set up explicitly to avoid this kind of thing happening, or at least alert a firm if a hack is happening in a relatively timely manner, and TK has apparently just gone ahead and ignored them…oops.
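As an added illustration of the kind of database monitoring the paragraph has in mind (this is example code, not anything TK Maxx or Comsec ran), the snippet below scans constructed database audit-log lines for reads of a cardholder table and flags two things a monitoring product would alert on: single queries pulling far more rows than any legitimate report, and reads outside business hours. The log format, table name and thresholds are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of database audit-log lines (made up for this example):
# timestamp, account, statement type, table, rows touched
AUDIT_LOG = """\
2007-01-15T09:12:04 pos_app SELECT card_transactions 1
2007-01-15T09:12:09 pos_app INSERT card_transactions 1
2007-01-15T10:40:31 report_svc SELECT card_transactions 250
2007-01-15T23:58:10 dba_jsmith SELECT card_transactions 8500
2007-01-16T02:14:55 dba_jsmith SELECT card_transactions 210000
2007-01-16T11:05:00 report_svc SELECT card_transactions 300
"""

# Assumed policy thresholds; a real deployment would derive these from a baseline.
MAX_ROWS_PER_QUERY = 10_000       # more rows than a reporting job ever needs
BUSINESS_HOURS = range(7, 20)     # 07:00 to 19:59 local time

def parse(line):
    ts, account, stmt, table, rows = line.split()
    return datetime.fromisoformat(ts), account, stmt, table, int(rows)

def find_suspicious(log_text, table="card_transactions"):
    """Return (account, reason) pairs for SELECTs against the cardholder table
    that are either bulk (over MAX_ROWS_PER_QUERY) or outside business hours."""
    alerts = []
    for line in log_text.splitlines():
        ts, account, stmt, tbl, rows = parse(line)
        if tbl != table or stmt != "SELECT":
            continue
        if rows > MAX_ROWS_PER_QUERY:
            alerts.append((account, f"bulk read of {rows} rows at {ts.isoformat()}"))
        elif ts.hour not in BUSINESS_HOURS:
            alerts.append((account, f"off-hours read at {ts.isoformat()}"))
    return alerts

def rows_per_account(log_text, table="card_transactions"):
    """Total rows read per account; catches slow exfiltration that stays
    under the per-query threshold but adds up over weeks or months."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        _, account, stmt, tbl, rows = parse(line)
        if tbl == table and stmt == "SELECT":
            totals[account] += rows
    return dict(totals)

if __name__ == "__main__":
    for account, reason in find_suspicious(AUDIT_LOG):
        print(f"ALERT {account}: {reason}")
    print(rows_per_account(AUDIT_LOG))
```

The per-account totals are the part that matters for a breach lasting 18 months: an attacker who keeps each query small still leaves a running total that stands out against every other account.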

Roy Harari of IT security consultancy Comsec – who was thankfully not trying to plug his company’s product and market it as the answer to this whole messy little situation – said that if any firm does some half decent security management and basic PCI implementation this could be avoided. Not that the hack wouldn’t happen, but the firm would certainly be aware of it sooner than 18 months. There are also suggestions, however, that the data was half-inched before it was encrypted, specifically during the payment card issuer’s approval process, in which case the only advice I have for IT managers is…just buy your pants, traccie bottoms and polo shirts with cash next time.

© Incisive Media Ltd. 2009