The data theft that TJX Companies experienced was caused by using the Wired Equivalent Privacy (WEP) encryption system. The WEP had become easy for hackers to navigate and had become quite out of date. TJX also failed to properly encrypt data on many of the employee computers that were using the wireless network, and did not have an effective firewall. The company had also purchased additional security programs that were not installed correctly.
An alternative to the out of date WEP could have easily been used. The Wi-Fi Protected Access (WPA) standard in conjunction with a sophisticated encryption system could have been used to replace the WEP. Firewalls could have reduced or eliminated the ability of the hackers to gain access to sensitive information. Lastly the company should have ensured that all computers containing customer information were secure when connecting to a wireless network.
The cost associated with data breaches can be enormous and infinite. A data breach can have severe repercussions including reputational costs to organization and brand. A data breach can also cause the loss of confidence and apprehension in consumer. This in turn will cause less people to shop with TJX companies which can create a loss in revenue. The consumer can also have charges and unauthorized use of their credit information. Banks and issuers of credit and debit cards were forced to replace the stolen cards and refund any money that was stolen due to fraudulent credit or debit charges.
I believe that TJX should have taken full responsibility for that data theft. I think that the biggest moral obligation that was not met is the obligation to securely store customer data. This moral fault has been estimated to cost upwards of one billion dollars. I also believe that TJX should have been held accountable for all damages since it was their lack of security that allowed the hackers to steal the data in the first place.