TJX wound up having their servers broken into and as a result, countless people's private information was stolen, including credit card data. So apparently security was very lax, and as it turns out it's still lax.
Over at Sla.ckers.org you can read a forum thread where an employee of TJX talks about all the various security lapses that are still happening. For example, using blank passwords and having rookies install firewalls.
What's it take to learn a lesson?