Sounds like a repeat of the Sony story
Really TT had no excuse to not have a major drains up security review after the last data breach back in Jan/Feb.
Maybe they did - but has anyone heard of anything along those lines? Certainly at the time in public they underplayed the seriousness of the last breach (was it so bad they felt they couldn't be honest?), and maybe they are now paying the price for not having done more to fix things at the time.
This is what happens when big businesses whose operations rely totally on IT systems don't have IT expertise on their main boards when making the big investment decisions. Most of the ex-beancounters and sales bods who run these big companies just don't get the complexities, the scope or scale and cost of effectively managing IT systems security risks. It;s a big job and getting bigger, harder and more expensive to do well by the hour.
The execs mutual back scratching clubs that make up the majority of major corporate main boards are more interested in upping each others remuneration packages and reducing IT costs, treating IT systems as well formed predictable commodities - which they are not, yet. Anything to stop those pesky non-sales related IT budgets growing....
Customers/consumers should really take the security of their suppliers IT systems much more seriously - some kind of star rating system like those used for hotels would seem appropriate - crude and simplistic, like most of the the called security systems they rely on!