Security Breach at Tjx

In: Computers and Technology

Submitted By vicwong92
Words 1948
Pages 8
Overview
This case analysis report is about the IT security problems that Owen Richel, the Chief Security Officer of TJX should consider to improve by analyzing some security issues that TJX had faced during the 2005-2007 database intrusion. As technology advances, companies are facing some challenges regarding information privacy. “Information privacy concerns the legal right or general expectation of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others.” (Lecture notes) One of the privacy problems includes unauthorized access, which violates the laws and company’s policies, can limit a person to access to his/her personal information, and threaten the company’s legitimacy in its interactions with its stakeholders. In this case, TJX experienced an information security breach, caused over 94 million of payment cards at risk, and paid $158 million for damages and losses. This serious problem was recognized by Owen and thus case discussion is carried out as follows.
Stakeholders & Preferences
Some of the important stakeholders are customers, financial institutions, vendors and distributors, shareholders, and the management and employees.
The most important stakeholder is the customers that TJX has been long serving with because they are the very first group of people who were affected by the intrusion. It was the customers’ debit and credit cards information that were stolen which led to serious consequences such as, money being stolen from bank accounts, and credit cards being abused. Majority of the customers would rely on the companies and trusting them with their personal information. They think that it is the company’s responsibility to secure and protect their information within the company’s systems.
Another important stakeholder is the financial institutions…...

Similar Documents

Security Breach

...Running Head: SECURITY BREACH Security Breach faced by Sony Corporation Introduction In the global marketplace, to attract the customers and provide relevant information to the customers, internet is used by most of firms as a promotional tool. In this, web-sites, social networking sites, etc. are used by the firms to communicate with the customers. Although, many security tools and techniques are used by the firms to secure the data of firm and customers, yet, some security breaches are also faced by the firms due to technical advancement. For this paper, Sony Corp. is selected that has faced security breach. Sony Corporation is a multinational firm that operates its business in global market and belongs to Japan and produces electronic products for the customers (Sony Corp. Info, 2011). There will be discussion about products information, contact information, internet marketing strategies, privacy policy of the firm, etc. Evaluation of Website Sony Corporation provides whole relevant information on the website of the firm about its products, services, etc (Sony Corp. Info, 2011). Areas that are evaluated for the firm are as follow: Product information: Sony Corporation has developed its website effectively that attracts the customers to purchase products. The firm provides all relevant information about the products on its website. Additionally, the firm also has made a list of its products that includes various categories of......

Words: 1807 - Pages: 8

Security Breach at Tjx

...Security Breach at TJX 1. Identify & describe the failure points in TJX's security that requires attention (including, but not limited to: People, Work Process, and Technology)? After analyzing the Ivey case on TJX data fiasco, I would say there were three major failure points that caused this $168MM financial hit to the corporation. * Technology: it is obvious that TJX had several technology deficiencies mainly driven by systems limitations and vulnerability. For example, inadequate wireless network security allowed the hackers to attack specific stores just by using a laptop and an antenna which permitted the thieves access to the central database. As it was mentioned in the business case, TJX was using (WEP) as the security protocol and it is well-known in the e-commerce arena that WEP encryption can be deciphered in less than one minute which makes it very unreliable and risky for business transactions. Last but not least, TJX failed to encrypt customer data. * Auditors: it is concerning that TJX passed a PCI DSS check up and that non auditor noticed the technology issues TJX was facing. * Executives at TJX: It is evident that the company wasn’t in compliance with the Payment Card Industry (PCI) standards. Primarily, the person in charge of the IT department should have been on top of ensuring TJX to be in compliance, by setting expectations and objectives pertained to security within its organization. In addition to the head of IT,......

Words: 826 - Pages: 4

Computer Security & Privacy - Tjx

...Computer Security & Privacy - TJX Case Backgroud: TJX, largest apparel and home fashions retailers in the off-price segment was struck with Security Breach in all of its eight business units in US, Canada and Europe. Intruder had illegally accessed TJX payment system to hack personal and credit/debit card information of an unspecified number of customers. Security breach had affected Customers - pay for the purchases made by the intruders/ card invalidated / expiring the spending power, Financial Institutions –re-issue the cards for those customers whose information was compromised, Store Associates –change their credentials for system access, Vendors, Merchandisers - Modify the information shared due to mutual network and Richel Owen, CSO- design long and short term strategy to address the security breach issue. Intruders utilized the data stolen to produce bogus credit/debit cards that can be used at self-checkouts without any risks, and had also employed gift card float technique. Case Analysis: TJX learnt about the hacking on December, 2006 through the presence of suspicious software and immediately called in Security consultants for assistance. TJX had been intruded at multiple vulnerable points – Encryption, Wireless attack, USB drives, Processing logs, Compliance and Auditing practice. Encryption - Intruder had accessed the card information during the approval process and had the decryption key for the encryption software used in TJX. This can be addressed by......

Words: 620 - Pages: 3

Target Security Breach

... Name: Sampson Amoako Mensah Course: CSC-781 Instructor: Dr. Yen-Hung (Frank) Hu Topic: Target Security Breach Case Study Abstract This paper identifies the issues that cause the Target’s security breach, its also discusses the events that lead to the breach, identifies potential causes of this events, who was affected and how consumers reacted, the extent of the breach, and provide ways to address this events in addition to addressing risk management and data recovery for future occurrence. An Overview of the Breach In the days prior to Thanksgiving 2013, a malware was installed, on Target’s security and payment system, designed to steal credit cards that comes across the system. This malware targeted all the 1,797 stores own by target in the United States. The malware was coded, to pick up credit cards that were swiped at the register and stored on a server controlled by the hackers. Federal enforcement officials contacted Target on December 12, to alert them of the breach, target responded in three days to confirm the breach, Target reported about 40 million credit cards were stolen, about 70 million of personal records were also stolen. Events Leading to Breach Businessweek reports that hackers used the credentials of an HVAC vendor to get into Targets network, and spent several weeks installing the malware. hackers then sent the malware to the 1,797 stores owned by Target and got them installed on cashier stations,...

Words: 588 - Pages: 3

Ipad Security Breach

...iPad’s Security Breach Zul-Jalaal Abdullah Strayer University Shelby Oaks campus Business Enterprise-508 April 21, 2011 Dr. Carolyn Tippett Discuss Goatse Security firm possible objective when they hacked into AT&T’s Website. Here’s what happened: Goatse Security discovered a rather stupid vulnerability on the AT&T site that returned a customer email if a valid serial number for the iPAD sim card was entered. (Arrington, 2010, para. 2). An invalid number returned nothing, a valid number returned a customer email address. Goatse created a script and quickly downloaded 114,000 customer emails. It was then turned over to Gawker, after, they say, AT&T was notified and the vulnerability was closed (Arrington, 2010, para. 2). Gawker published some of the data with the emails removed. Stated Goatse: “All data was gathered from a public web server with no password, accessible by anyone on the Internet. There was no breach, intrusion, or penetration, by any means of the word. ”(Arrington, 2010, para. 2). AT&T is characterizing the incident as “unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service (Arrington, 2010, para. 3). ”We don’t see much hacking here, and we don’t see anything really malicious (Arrington, 2010, para. 3). AT&T was effectively publishing the information on the......

Words: 1778 - Pages: 8

Security Breach

...Security Breach Madeleisy Molerio HCS/533 December 1, 2014 KYM PFRANK Security Breach  Patient medical records privacy and security is the most essential parts of the St. Johns Hospital program of behavior, the hospital take satisfaction in the complete policies and actions that are set to preserve patient privacy. Each worker is apprehended to an extreme standard of upholding the maximum level of confidentiality and privacy when is refer to patient health data. This document will make a summary of the strategy that St. John’s hospital has produced in a circumstance of a security breach or security risk in the service. The administration in the St. John’s Hospital have lately been informed that employees has perceived some of the cleaning person are browsing correspondence that was dropped in the Data Systems (DS) department, this has occurred on many occasions. The cleaning personnel is given by an outside company and are not hire directly by workers of St. John’s Hospital, which creates the security breach a little more dangerous. Workers have been trained to challenge the cleaning personnel if they eyewitness something similar like this, however a lot of the employee would prefer to have an affiliate of supervision to challenge the personnel. The employee in the DS department have been educated on what moves to proceeds when are conducting PHD and private data, nevertheless it appears that some of the employees are acting negligent when succeeding the......

Words: 1647 - Pages: 7

Security Breach Action Plan

...Security Breach Action Plan Lisa Moran University of Phoenix HCS/533 February 2, 2015 Dr. Chong Daleiden Security Breach Action Plan Introduction Guarding patient’s confidentiality is most vital when working in any health care arena. There are individuals who are looking to take information which does not belong to them for their gain. When individuals are able to obtain this information for personal gain it is known as identity theft. This paper will look at the occurrence at St. John’s Hospital and discuss what should have been done with the patient documents, what actions, if any, should these personnel take toward the actions of the cleaning staff. Also this paper will discuss the actions, if any, that should be taken by IS for the management plan and code of conduct. Security Breach The administrative department has been notified that there was a security breach in the handling of protected client information in concerns to policies and procedures. On a number of occasions, employees who work late into the evening have seen the house keeping staff reading unwanted records. This is a direct violation of the Health Insurance Portability and Accountability Act (HIPAA) Laws. These laws are put into place for patient protection. This breach of security took place in a department of restricted-access, and certainly should not have transpired. Any unwanted patient records should be shredded before being discarded in the trash. When a document is thrown away like...

Words: 1895 - Pages: 8

Security Breach at Tjx

...Question 1 TJX is the parent company of popular off-price retailers like TJ Maxx and Marshalls. Based in Framingham, Massachusetts, TJX has over 2,400 stores worldwide and earned US$17.4 billion in sales during the 2007 fiscal period. On December 18th, 2007, TJX discovered that it fell victim to one of the largest data theft cases in American history. Approximately 94 million credit and debit cardholders were affected by the attack. The American Secret Service and FBI had to investigate the breach and TJX lost millions of dollars in the following years due to class-action lawsuits and investigation costs. This report will analyze the causes of TJX’s IT security weaknesses and provide recommendations on what the company should do in the short-term and long-term to ensure something like this never happens again. Question 2 Management – TJX’s management needs to move fast and implement better IT security measures to prevent an attack like this from ever happening again. They must accomplish this while balancing lawsuits from credit card companies & customers and ongoing federal investigations while still managing day-to-day operations. TJX has already booked a provision of $168 million related to the attack and does not want to suffer any more financial loss. It also needs to regain customer confidence, which is crucial to maintaining its market leadership and sales. Customers – TJX’s customers have lost confidence in the company’s ability to store its......

Words: 2721 - Pages: 11

Security Breach

...Cyber Attacks and Security: The Problem and The Solution Shamika A. Woumnm BIS/221 February 16, 2015 Gregorio Chavarria Cyber Attacks and Security: The Problem and The Solution In December of 2013, Target reported that up to 70 million customers worldwide were affected by a major security breach. It was reported that thieves stole massive amounts of credit and debit card information during the holiday season which also swept up names, addresses and phone numbers of their customers, information that could put victims at greater risk for identity theft. The Problem The Target breach is ranked as one of the worst ever. During the peak of the holiday season that year Target said that up to 40 million customers’ credit/debit card information had been stolen from people who shopped in their stores from November 27 to December 15. That following Friday that’s when another 70 million customers were affected, some of who, might have had their personal information compromised as well. Cyber criminals gained access to the computers entity and steered the information to a server in Eastern Europe to eventually sell on the black market card. According to the press, there when the two automatic intrutions alerts and installations of malware took place within the software and computer systems they were neither detected nor identified by the company. When there are security breach’s within a company it has a major effect on the company’s......

Words: 558 - Pages: 3

Ipad's Security Breach

...Running header: IPAD’S SECURITY BREACH iPad’s Security Breach The Business Enterprise- BUS 508 May 28, 2011                 IPAD’S SECURITY BREACH Abstract Across the globe AT&T is known as the world’s leading integrated companies-applying innovative technologies to discover, develop and complete construction of the first transcontinental broadband-communications network. This paper will investigate and discuss some of the major issues involving Apple’s security breach. First determine if hacking into a website is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. We will create a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking. Secondly discuss if it is important for organizations like Gawker Media to be socially responsible; determine what factors CEOs should consider when responding to a security breach. Lastly, create an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue       IPAD’S SECURITY BREACH Determine if hacking into a website is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. According to Bosker (2010), recently, private information of iPad owners have been exposed through a security breach that has brought......

Words: 1991 - Pages: 8

Security Breach

...Network Security Darren Jackson NTC/411 April 18, 2013 Dennis Williams Network Security White Lodging Security Breach In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a “suspected” breach of point-of-sale systems at 10 locations. Banking sources back in February 2015 stated that the cards compromised in this most recent incident looked like they were stolen from many of the same White Lodging locations implicated in the 2014 breach, including hotels across the country. Those sources said the compromises appear once again to be tied to hacked cash registers at food and beverage establishments within the White Lodging run hotels. The sources said the fraudulent card charges that stemmed from the breach ranged from mid-September 2014 to January 2015. White Lodging president and CEO, Hospitality Management, Dave Sibley stated in a press release issued April 8, 2015 that “after suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security technology and managed services. These security measures were unable to stop the......

Words: 933 - Pages: 4

Target Security Breach

...Target Security Breach COM/295 May 17, 2015 Target Security Breach During the 2013 holiday season, hackers infiltrated Targets computer network. With nothing but the wrong doing in their plans, the hackers were able to breach the mainframe and install a malware system that would allow them access to everyone that purchased at Target. Riley (2014) states, the malware, would step in, capture the shopper's credit card number, and store it on a Target server commandeered by the hackers. Target's ethical obligation was to try and investigate all damages caused by the breach to their mainframe. Unfortunately, it seems they were more preoccupied with supplying the public with research on internal procedures as oppose to admitting their failure to respond expeditiously. FireEye (FEYE) which is a fail-safe, was put in place for Targets security system. FEye would inform Bangalore (security specialists for Targets security system in Minneapolis), and Bangalore alerted the corporate team. Nothing was done to avoid the disaster that would be (Riley, 2014). Sadly we'll never get to the bottom of why the flags were ignored in the first place. CEO, Gregg Steinhafel, was interviewed by a CNBC reporter regarding the data breach mishap. The interview took place practically one month after the incident occurred. In my opinion, the interview was useless and unrevealing. "At best, Steinhafel offered a partial explanation......

Words: 461 - Pages: 2

Ipad's Security Breach

...IPad’s Security Breach Hacking is one of the things that most people worry about. There is sometimes a need to share personal information to different companies and people for different reasons. Hacking is a way for others to steal, share and use personal information that does not belong to them. It is defined as the use of computer and network resources as a means of obtaining information illegally. Hacking is considered as a felony in the United States (Sabadash, V. 2004). In recent years, people have become more conscious of whom, where and when they provide personal information because they know there is a chance that their information may be taken and used without their permission. When using the internet and other sources, many choose to use secured sites or sites that they trust will protect and keep their personal information private. Although companies usually take all necessary precautions in order to keep their clients information private, there are sometimes flaws in their systems and things may be overlooked. There are many examples of weaknesses with the prevention efforts and some of them are as follows: old software or software that has not been patched, default passwords that are poorly chosen, disabled security controls and web servers with poor configuration, just to name a few (Sabadash, V. 2004). With this assignment, I have reviewed some information regarding the security breach of Apple/AT & T’s IPad. The information has influenced......

Words: 1664 - Pages: 7

Security Breach at Tjx

...Questions for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for TJX in handling IT security? 3. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? How did a smart and profitable retail organization get into this kind of situation? Case Analysis Questions for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for TJX in handling IT security? 3. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? How did a smart and profitable retail organization get into this kind of situation? Case Analysis Questions for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for TJX in......

Words: 785 - Pages: 4

Ipad's Security Breach

...iPad’s Security Breach Samantha Phillips Dr. Prakash G. Menon BUS 508: The Business Enterprise May 29, 2011 Justifying Hacking into a Web site In 2010, McDonald’s said that customer information was exposed after a security breach involving an email marketing managing firm. McDonald’s released a statement explaining that information was obtained by an “unauthorized third party”, but added that financial information and social security numbers were not part of the data accidentally exposed. (Security Magazine, 2010) A security breach exposed iPad owners including dozens of CEOs, military officials, and top politicians. They, and every other buyer of the cellular-enabled tablet, were vulnerable to spam marketing and malicious hacking. The breach, which came just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised. In fact, it is believed 114,000 user accounts were compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. (Tate, 2010) Earlier this year, the names and e-mails of customers of Citigroup Inc. and other large U.S.......

Words: 3288 - Pages: 14