Breach X
BREACH AT X
• What are the people, work processes and technology failure points that require attention?
• What practices led to the security breach in TJX and why did such a smart andprofitable organization as TJX face such a situation?
• Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? Background a. Describe the company/department History
1. TJX was the largest apparel and home fashion retailer in United States in the off-price segment and is ranked 138th in fortune 500 companies in 2006.
2. TJX sold brand apparels at prices 20 to 70% lower than department or specialty stores
3. TJX has eight independent businesses under a common umbrella. They had over 2400 stores and about 125,000 associates. Conditions
1. Operational efficiency, vendor relationships and scale, which are crucial to an off-price store, are well maintained in TJX.
2. Quality of internal IT systems was crucial to maintain margins and to stay competitive.
3. IT systems help TJX connect people, places and information in the value chain.
4. TJX buys merchandise from manufacturers throughout the year irrespective ofseasonality and trends. Strengths
1. Vendors, buyers, merchandisers, customers, store associates and financial institutions are well connected through TJX’s IT networks.
2. In-store technologies such as kiosks and hand-held price/inventory barcode helped in their customer services and differentiated them from their competitors.
3. They have also invested in CRM to increase revenues by targeting most profitable customers. Weaknesses
1. PCI DSS has showed that TJX had not met nine of the twelve requirements covering encryption, access controls and firewalls.
2. Their auditors failed to identify three key problems with TJX systems i.e. absence of network monitoring, absence of logs and presence of unencrypted data stored on their systems.
3. TJX has retained
• What are the people, work processes and technology failure points that require attention?
• What practices led to the security breach in TJX and why did such a smart andprofitable organization as TJX face such a situation?
• Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? Background a. Describe the company/department History
1. TJX was the largest apparel and home fashion retailer in United States in the off-price segment and is ranked 138th in fortune 500 companies in 2006.
2. TJX sold brand apparels at prices 20 to 70% lower than department or specialty stores
3. TJX has eight independent businesses under a common umbrella. They had over 2400 stores and about 125,000 associates. Conditions
1. Operational efficiency, vendor relationships and scale, which are crucial to an off-price store, are well maintained in TJX.
2. Quality of internal IT systems was crucial to maintain margins and to stay competitive.
3. IT systems help TJX connect people, places and information in the value chain.
4. TJX buys merchandise from manufacturers throughout the year irrespective ofseasonality and trends. Strengths
1. Vendors, buyers, merchandisers, customers, store associates and financial institutions are well connected through TJX’s IT networks.
2. In-store technologies such as kiosks and hand-held price/inventory barcode helped in their customer services and differentiated them from their competitors.
3. They have also invested in CRM to increase revenues by targeting most profitable customers. Weaknesses
1. PCI DSS has showed that TJX had not met nine of the twelve requirements covering encryption, access controls and firewalls.
2. Their auditors failed to identify three key problems with TJX systems i.e. absence of network monitoring, absence of logs and presence of unencrypted data stored on their systems.
3. TJX has retained