The credit card data theft at TJX Companies is considered one of the worst ever. The case is significant because of a lack of appropriate security and control.
Resources: Ch. 7 & 12 of Essentials of Management Information Systems
Answer the following questions in 200 to 300 words:
•List and describe the security controls in place. Where are the weaknesses?
The thieves used several entry points to access TJX corporation systems. They accessed many TJX’s retail stores through poorly secured kiosks. The hackers opened up the back of those terminals and inserted USB drives to install utility software that enabled them to turn the kiosks into remote terminals linked to TJX’s networks. The firewalls that TJX use and had in place did not have enough security to offer and let bad traffic in from the in-store kiosks. The hackers also used mobile data access technology to decode data transmitted wirelessly between handheld price-checking devices, cash registers, and the store’s computers. TJX was using an outdated (WEP) encryption system, which made it easy for hackers to crack. The hackers stole user names and password to setup their own TJX account using handheld equipment and also used the data to crack encryption codes. This allowed them to access TJX system from any computer with internet. The hackers also obtained personal information which could be used for identity theft, including driver license numbers, social security numbers, and military identification of 451,000 customers. The data theft took place over an eighteen month period without anyone’s knowledge. The security controls in place out grew the total size of the company. The system was way overdue for a complete overhaul, because the system was so far out of date with the new technology. I read further about this on the internet and came to find out that the hackers went undetected for seventeen months. This time frame gave the hackers plenty of time to take...