Tjx System Breach Case Study
TJMaxx System Breach
Cormalita Uzzell
319/CIS
May 6, 2013
Christopher Canter
In January 2007, TJX Companies, Inc. issued a press release announcing that its computer systems had been breached and customer information had been stolen. Reports estimated at least 94 million Visa and MasterCard accounts had been compromised, with losses projected at $4.5 billion. What happened to cause the companies breach? What did the company do to insure that this would not happen again? Perhaps the company simply thought the current system was flawless.
Every company would like to have the top notch system that could not be hacked, but that is not feasible. For every new system there is a hacker waiting to try to get lucky and steal some information. This was not the case for TJX. Investigation into the case indicated that the company was not in compliance with the Payment Card Industry (PCI) …show more content…
It was possible that the company was using older point of sale software that could not reconfigure to comply with the PCI standards. Another problem mention by The CPA Journal is the failure of TJX to properly encrypt customer data or the hackers stole the encryption key. Nonetheless, the bottom line was the company did not maintain industry standards.
According to the Illinois Attorney General, TJX agreed to install a comprehensive information security program that assesses internal and external risks to consumers ' personal information. The company also will regularly monitor and test the program 's effectiveness and report the results to the Attorneys General. Under the agreement with Madigan 's office and the other Attorneys General, TJX will: * Upgrade all Wired Equivalency Privacy ("WEP ') based wireless systems in TJX retail stores to wired systems or Wi-Fi Protected Access ("WPA") wired
Cormalita Uzzell
319/CIS
May 6, 2013
Christopher Canter
In January 2007, TJX Companies, Inc. issued a press release announcing that its computer systems had been breached and customer information had been stolen. Reports estimated at least 94 million Visa and MasterCard accounts had been compromised, with losses projected at $4.5 billion. What happened to cause the companies breach? What did the company do to insure that this would not happen again? Perhaps the company simply thought the current system was flawless.
Every company would like to have the top notch system that could not be hacked, but that is not feasible. For every new system there is a hacker waiting to try to get lucky and steal some information. This was not the case for TJX. Investigation into the case indicated that the company was not in compliance with the Payment Card Industry (PCI) …show more content…
It was possible that the company was using older point of sale software that could not reconfigure to comply with the PCI standards. Another problem mention by The CPA Journal is the failure of TJX to properly encrypt customer data or the hackers stole the encryption key. Nonetheless, the bottom line was the company did not maintain industry standards.
According to the Illinois Attorney General, TJX agreed to install a comprehensive information security program that assesses internal and external risks to consumers ' personal information. The company also will regularly monitor and test the program 's effectiveness and report the results to the Attorneys General. Under the agreement with Madigan 's office and the other Attorneys General, TJX will: * Upgrade all Wired Equivalency Privacy ("WEP ') based wireless systems in TJX retail stores to wired systems or Wi-Fi Protected Access ("WPA") wired