Tjx Case Study

Only available on StudyMode
  • Download(s) : 220
  • Published : April 12, 2012
Open Document
Text Preview
Communications of the Association for Information Systems
Volume 23 | Number 1 Article 31

11-1-2008

Security Breach: The Case of TJX Companies, Inc.
William Xu
Carleton University, wxu3@connect.carleton.ca

Gerald Grant
Carleton University

Hai Nguyen
Carleton University

Xianyi Dai
Carleton University

Recommended Citation
Xu, William; Grant, Gerald; Nguyen, Hai; and Dai, Xianyi (2008) "Security Breach: The Case of TJX Companies, Inc.," Communications of the Association for Information Systems: Vol. 23, Article 31. Available at: http://aisel.aisnet.org/cais/vol23/iss1/31

This material is brought to you by the Journals at AIS Electronic Library (AISeL). It has been accepted for inclusion in Communications of the Association for Information Systems by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact elibrary@aisnet.org.

Security Breach: The Case of TJX Companies, Inc.

William Xu Gerald Grant Hai Nguyen Xianyi Dai Carleton University, Sprott School of Business wxu3@connect.carleton.ca

TJX Companies Inc. is a leading off-price apparel and home fashions retailer with headquarters situated in the United States. In late 2006, the company discovered it was victim to a massive security breach which compromised millions of customer records. Despite the internal exchanges within the IT department concerning the upgrade of their wireless security standard protocol, the company opted for cost savings rather than increased spending. As the company financials took a hit, the company was faced with pending lawsuits from credit card companies and affected customers; government scrutiny of IT security standards; loss of consumer confidence; among other concerns. Though it has not yet concluded the extent of the financial impact of this incident, analysts estimate the full cost of the breach might amount up to one billion dollars. This case presents a “wake-up call” for retail companies about the importance of IT security. Keywords: case study, information technology management, IT infrastructure, networking systems, organization, organizational unit, privacy, risk, security, teaching case

Volume 23, Article 31, pp. 575- 590, November 2008 The manuscript was received 10/13/2008 and was accepted on 11/5/2008.

Volume 23

Article 31

Security Breach: The Case of TJX Companies, Inc.

I. INTRODUCTION
In early 2007, Carol Meyrowitz became CEO of TJX Companies Inc. Ranked among one of the 50 most powerful women in business, she went through many challenges in her career [Fortune Magazine 2007a]. Weeks prior to her promotion, it was discovered that hackers broke into the systems of TJX in late 2006 and stole vital customer information. This event proved to be one of the largest reported security data breaches to date, costing the company millions of dollars. Not only that, there was also a growing fear of customer distrust, government scrutiny, as well as lawsuits from credit card companies and contracting banks which may become critical to the company’s core business. After the incident, former TJX group president Alexander Smith resigned. Gary Crittenden, CFO of American Express Co., also stepped down from TJX's board [Abelson 2007a]. The chairman, Bernard Cammarata; vice-chairman Donald Campbell; and public relations executive, Sherry Lang were among the few public figures who will work with Meyrowitz to guide TJX out of this public relations crisis (see Figure 1 for company organizational chart). Bernard Cammarata Chairman of Board

Donald G. Campbell Vice Chairman

Carol Meyrowitz President & CEO

Arnold Barron & Jerome R. Rossi Group President

Ernie Herrman President, The Marmaxx Group

Jeffrey Naylor CFO & Admin. Officer

Paul Sweetenham Group President Europe

Paul Butka Chief Information Officer

Peter Lindenmeyer Chief Logistics Officer

Alfred Appel Corp. Tax and Insurance

Christina Lofgren Real Estate and Development...
tracking img