TJX was cited for not having an active monitoring process for storing sensitive data. The problem is not just the data, but the amounts being kept, says Amichai Shulman, an expert on Payment Card Industry (PCI) Data Security Standard. “What might get through one layer, will hopefully get stopped at the next layer,” says Guardium’s Phil Neray. “There will always be holes in the environment where hackers or insiders can exploit data,” Neray says.”]
Source: https://www.bankinfosecurity.com/tjx-lesson-pci-compliance-might-stop-data-breaches-a-586