TJX Security Breach

  • Topic: PCI DSS, Credit card, TJX Companies
  • Published: November 7, 2012
The TJX Companies breach has been labeled the largest data breach in the history of security breaches and the ultimate wake-up call for corporations (Dash, 2007). TJX is the parent company of chains such as TJ Maxx, Marshalls, HomeGoods, and a host of retail stores across the US and Canada. In January 2007, it was discovered that hackers had stolen as many as 200 million customer records because of a failed security system at TJX, resulting in $4.8 billion worth of damages (Swann, 2007). It is said that the breach occurred because the company did not have any security measures in place to protect consumers’ data, such as their debit cards, credit cards, checking account information, and driver’s license numbers. Reports identified three major areas of vulnerability: inadequate wireless network security, improper storage of customer data, and failure to encrypt customer account data.

The operation happened in two phases going back to 2002 (Dash, 2007). More than 94 million were affected in phase one of the breach. The data was breached through a wireless network, and the breach was very easy to accomplish. The attack used a protocol analyzer, commonly known as a sniffer (Gibson, 2012). When you run a protocol analyzer, you capture the packets and can then save the captured data as a file and browse it at your leisure (Gibson, 2012).

Investigations into the TJX case appear to indicate that the company was not in compliance with the Payment Card Industry (PCI) data security standards established in 2004 by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International (Berg, Freeman, & Schneider, 2008). From a parking lot at the store where the initial breach occurred, the hackers intercepted the data by using a telescope-like radio antenna to pick up signals and gain access to a wireless network that was inadequately secured. Specifically, the network was using a security protocol known as Wired Equivalent Privacy (WEP), which is not...