Tjx It Security Breach - 1161 Words

Part I: Description In January of 2007 the parent company of TJMaxx and Marshalls known as TJX reported an IT security breach. The intrusion involved the portion of its network that handles credit card, debit card, check, and merchandise return functions. Facts slowly began to emerge that roughly 94 million customers’ credit card numbers were stolen from TJMaxx and Marshalls throughout 2006. It was believed that hackers sat in the parking lots and infiltrated TJX using their wireless network. Most retailers use wireless networks to transmit data throughout the stores main computers and for credit card approval. The wireless data is in the air and leaks out beyond the store’s walls. TJX used an encryption code that was developed†¦show more content†¦However, having the proper controls in place will mitigate the probability and impact. The cost to implement is insignificant compared to the potential loss. This risk event was a wake-up call to many retailers, not just TJX. Part IV: Controls The control that failed to mitigate the risk event was using WEP encryption technology. It was sufficient when it was developed, but approximately 2 years later the code was cracked. TJX knew and failed to address the obsolete technology. As a retailer that accepts credit cards, it was later proved that TJX was not compliant with PCI Security standards. PCI stands for payment card industry and credit card companies have developed this list of security measures to help protect against theft. TJX collected too much personal information, kept it too long and relied on weak security encryption. At the time of the breach, few retailers had converted to WPA and didn’t want t to spend the money to implement new security measures. As a preventative control TJX should have implement WPA encryption technology. As a detective control, TJX should actively monitor and test their WLAN security. As a corrective control, TJX should actively implement the following PCI standards: Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Requirement 3: Protect storedShow MoreRelatedSecurity Breach at Tjx Essay766 Words   |  4 PagesHBR Case Study Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points in TJX’s security that require attention? While it is known that all retailers, large and small, are vulnerable to attacks, several factors including people, work process, and technology require attention so as to prevent another major attack from hitting TJX. The people associated with the attack who need attention are the top-level executives and, more importantly, the PaymentRead MoreTjx Security Breach Essay1119 Words   |  5 PagesThe TJX companies breach has been labeled the largest data breach in the history of security breach and the ultimate wake up call for corporations (Dash, 2007). TJX is the parent company of chains such as TJ Maxx, Marshalls, Homegoods, and a host of retail stores across the US and Canada. In January 2007, it was discovered that hackers stole as many as 200 million customer records due to a failed security system by TJX which resulted in a $4.8 billion dollars’ worth of damages (Swann, 2007). It isRead MoreTJX security breach Essay812 Words   |  4 Pagesthe failure points in TJXs security that requires attention (including, but not limited to: People, Work Process, and Technology)? After analyzing the Ivey case on TJX data fiasco, I would say there were three major failure points that caused this $168MM financial hit to the corporation. †¢ Technology: it is obvious that TJX had several technology deficiencies mainly driven by systems limitations and vulnerability. For example, inadequate wireless network security allowed the hackers to attackRead MoreCase Study : Southern New Hampshire University1083 Words   |  5 Pages TJX Group Case Study Team 3 Southern New Hampshire University â€Æ' Introduction According to a recent Travelers survey, identify theft, cyber security, and person privacy rank as the top concerns for most Americans. Forty percent of individuals who participated in the survey believe they were a victim to one of these heinous crimes (Survey: Cyber Risk, 2015). Companies are focusing attention on this topic and investing vast resources to combating these crimes. Questions arise regarding TJX’s roleRead MoreA Brief Note On Companies And The Largest Ever Consumer Data Breach1712 Words   |  7 PagesCase Study #2: Maxxed Out: TJX Companies and the Largest-Ever Consumer Data Breach There are five components to the operations security process that companies use to analyze. These five modules provide a company a full analysis of the risks, vulnerabilities, and threats of their data and how to mitigate them. This process identifies all the critical information the company or organization have such a credit card information like TJX had on their main server. Identifying this information is crucialRead MoreAnalyzing The Tj Maxx Data Security Fiasco Essay703 Words   |  3 PagesIntroduction On January 2007 a press release was issued according to CPA journal article â€Å"Analyzing the TJ Maxx Data Security Fiasco† that TJX Companies, Inc. the parent company to retail stores like TJ Maxx, Marshalls, HomeGoods, and A.J Wright stores; computer systems had been breached and that customers’ information had been stolen. (Berg, G. 2008, August) This data breach became the largest one of it’s kind because during the investigation there was reported that approximately 94 million VisaRead MoreTJX the largest-ever consumer data breach Essay1061 Words   |  5 Pagesï » ¿ TJX- SECURITY BREACH MGSC 6201-02 INDUSTRY/COMPANY CONTEXT: TJX Companies, based in Framingham, MA, was a major participant in the discount fashion and retail industry. The TJX brand had presence in the United States as well as in Canada and Europe. In mid-2005, investigators were made aware of serious security breaches experienced in TJX’s credit card system. These breaches were first found at a Marshall’s located in St Paul, MN in which the hackers implemented a â€Å"war driving† tactic toRead MoreBreach X Essay935 Words   |  4 PagesBREACH AT X †¢ What are the people, work processes and technology failure points that require attention? †¢ What practices led to the security breach in TJX and why did such a smart andprofitable organization as TJX face such a situation? †¢ Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? Background a. Describe the company/department History 1. TJX was the largest apparel and home fashion retailer in United StatesRead MoreTj Max Store Security Breach1123 Words   |  5 PagesTJ Max Store Security Breach TJX Inc. is the parent company of retail stores such as TJ Maxx, HomeGoods and Marshalls, which are â€Å"off price† department stores that sell family apparel, home dà ©cor, beauty and accessories. Founded in Framingham, Massachusetts in 1976, TJX currently boasts more than 3,300 stores in the United States, Canada and Europe (TJ Maxx). In 2014, TJX Inc. had net sales of $29 million (TJX Annual Report). In January 2007, TJX Companies Inc. released a statement to the pressRead MoreCase Analysis : Tjx Corporation1446 Words   |  6 PagesQ1) Prepare an introduction for the case analysis report. TJX operated in the off-price market segment and was one of the largest garments and home fashion retailer in the United States. It operated eight independent businesses which were throughout United States, Canada, Puerto Rico and Europe. TJX operated in the Niche market of retailers which occupied the market ignored by departmental and speciality stores. TJX would get its merchandise directly from the manufacturer at wholesale rate throughout