The security breach is one of the keen issues which is prevailing in the world. It mainly occurs when the intruder gains the unauthorised access into the company's protected system it leads to a security breach. TJX has been subject to the same and there are many reasons which led to this, thereby affecting the business of the company.
- What is the background of company TJX and how it emerged in e-commerce?
- What is the case study of a security breach at TJX?
- What are the reasons which resulted in such a security breach?
Background of case study
Carol Meyrowitz became the CEO of the company TJX in early 2007. weeks prior to the promotion, it was found that the TJX system have been hacked by the hackers in late 2006 and the customer data have been stolen. It was one of the largest security data breach till date which have cost billions to the company. This not only resulted in financial loss but the company was also subject to growing customer distrust, lawsuits and government scrutiny. After the incident, the former President of the company resigned and the Chief financial officer also stepped out. However many key personnel worked with Carol in order to guide the company to cope up with public relation crisis.
Overview of company
The TJX company is the American multinational corporation which is a off price department store, headquartered in Framingham, Massachusetts. The company was formed as the subsidiary of the Zayre Corporation in the year 1987 and subsequently became a legal successor to the Zayre Corporation in the year 1989 following the reorganisation of the company. It deals in retail industry and has around 4557 discount stores in TJX portfolio which are located in nine countries. It deals in products like footwear, clothing, furniture, bedding, jewellery, food, housewares and beauty products. The main brand stores of the company includes TJ Maxx, Winners, Marshalls, Home-sense and many other. It became the largest retailer in USA with over 821 stores by the year 2006.
(Illustration 1: TJX, 2021)
Evolution of E-Commerce in company
As in the year 1990, emergence of internet took place so many retailers began to take advantage of it so that through innovation businesses can be conducted. In the year 1999, TJX launched its retail web site for the first time for its popular brand store TJ Maxx. The website had unique features like store locator through which customers can easily locate nearby store of the company, style file where the customer can find the preliminary information about the holiday fashion trend, MaxxMail where the customer can get information regarding the community event and the updates about website. The main purpose of this was to up date the customers about the stores. Then subsequently, in the year 2004, the company launched its first e commerce website for its two retail store TJ Maxx and the HomeGoods. Through this, it offered the products for the sale online for the first time.
The company adopted the Web Equivalent Privacy as the security standard in all its stores where the company used wireless technology yo access information and data from the retail store servers. The products were scanned by barcodes which shows instant current name and the price of the product. This also gave ability to the credit card companies to establish the connection in order to acquire information of customer's credit card from the computer system of retail store.
The company got initial attention and praise from the launch of the e commerce stores but the sales tend to decline. Inlate 2005, the TJX company announced that it has ceased its operations on online stores so that it can return to its traditional means to conducting business. The company did not collapse from its web presence, rather they continued to use the web sites in order to operate as the marketing only websites with the same web addresses.
The company Newbury Networks which specialises in the technology of wireless network security approached TJX in order to discuss the IT security related issues. The TJX knew that the IT security is the growing issue in the retail sector, TJX refused their offer to purchase the security service due to its conservative approach to matter.
(Illustration 2: Security breach at TJX, 2021)
Breach by hackers
When TJX declined the security service offer, many things were going on in the background. In 2005, the hackers sat outside the store and were able to point the telescope shaped antenna to the store where they were able to capture the wireless transactions which took place inside the store as it was broadcasted by the wireless network of the company. The hackers were able to listen the traffic, making sure that they were not visible. For two days they listen to the information and then cracked the WEP security code of the store which allowed them to steal the bank account and credit card information .
In 2006, between May and December they regained the access to the system and then compromised TJX headquarters corporate network in Framingham. They also accessed the vital customer and company information from centralised corporate database of the company.
Related Service: Case Study Help
Discovery of security intrusion
In the year 2006 during October, the retail stores of TJX complained regarding the problems associated with processing the Discover card credit card. The company contacted the CyberTrust in order to investigate about the matter. After around 2 weeks, the company discovered that they were ubject to breach of data. The company hired General Dynamics and the IBM to further investigate on the matter. In 2007, December, the companies hired investigated and the very next day, TJX found a suspicious software into their computer system. The hired companies remained unclear about who is responsible for it. Initially nothing was discovered but later on the company TJX found that the intruder have gained access by the wireless local area network in two stores in St Paul, Minnesota.
(Illustration 3: TJX Companies and the Largest-Ever Consumer Data Breach, 2021)
TJX failures in security breach
The company uses Framingham system in USA and Watford system in Ireland and UK were the hackers have stolen the data by using the hacking technique skimming where the data is stolen at the time of payment card approval.
Another failure was the Kiosks where people were allowed to apply for the job electronically using the kiosks which acted as gateway to IT system of company.
It was found that 94 million card holders were affected by the breach of data. It was found that TJX do not have proper processes to collect and store the log data which resulted in such security breach.
The employees of TJX were negligent in noticing the unauthorised access to the terminals by the hackers. They were able to swapped the Pin Pad terminal with identical device and after few days replace a original terminal, thereby stealing the data of the customers.
You may also like: Professional, Ethical and Legal Issues in Nursing