Preview

Checkpoint: Tjx Companies

Satisfactory Essays
Open Document
Open Document
326 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Checkpoint: Tjx Companies
CheckPoint: TJX Companies

The data theft that TJX Companies experienced was caused by using the Wired Equivalent Privacy (WEP) encryption system. The WEP had become easy for hackers to navigate and had become quite out of date. TJX also failed to properly encrypt data on many of the employee computers that were using the wireless network, and did not have an effective firewall. The company had also purchased additional security programs that were not installed correctly. An alternative to the out of date WEP could have easily been used. The Wi-Fi Protected Access (WPA) standard in conjunction with a sophisticated encryption system could have been used to replace the WEP. Firewalls could have reduced or eliminated the ability of the hackers to gain access to sensitive information. Lastly the company should have ensured that all computers containing customer information were secure when connecting to a wireless network. The cost associated with data breaches can be enormous and infinite. A data breach can have severe repercussions including reputational costs to organization and brand. A data breach can also cause the loss of confidence and apprehension in consumer. This in turn will cause less people to shop with TJX companies which can create a loss in revenue. The consumer can also have charges and unauthorized use of their credit information. Banks and issuers of credit and debit cards were forced to replace the stolen cards and refund any money that was stolen due to fraudulent credit or debit charges. I believe that TJX should have taken full responsibility for that data theft. I think that the biggest moral obligation that was not met is the obligation to securely store customer data. This moral fault has been estimated to cost upwards of one billion dollars. I also believe that TJX should have been held accountable for all damages since it was their lack of security that allowed the hackers to steal the data in the first

You May Also Find These Documents Helpful

  • Good Essays

    Nt1330 Unit 6 Paper

    • 853 Words
    • 4 Pages

    In my opinion the PCI-DSS standards in place should lead to a secure network and ultimately protect the cardholder data. The Payment Card Industry (PCI) data security standard has important requirements like maintaining a firewall configuration, regularly updating anti-virus software, encrypting transmission of cardholder data across open, public networks to name a few. Unfortunately, the auditing practices at TJX were poor and did not identify the real problems with the TJX systems. The were three crucial issues with the TXJ systems. The first one was the absence of network monitoring; according to the PCI standards, a firewall or a “do not use vendor-supplied defaults for system passwords” was required. They also violated the second PCI standard of protecting the cardholder data by not keeping data logs, and the presence of unencrypted data stored on the system. The stolen information was from old transactions from 2002 which were supposed to be…

    • 853 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    Hsc300 Unit 4

    • 480 Words
    • 2 Pages

    potential loss of creditability in the marketplace and loss of new/return business for the party who breached the contract. Eg, a company selling goods and services, a damaged reputation could result in the loss of new and existing customer contracts. Eg. a breach of a loan contract, the potential loss of credit rating affecting future credit potential and business opportunities.…

    • 480 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    It/205 Week 5 Checkpoint

    • 928 Words
    • 4 Pages

    The thieves used several entry points to access TJX corporation systems. They accessed many TJX’s retail stores through poorly secured kiosks. The hackers opened up the back of those terminals and inserted USB drives to install utility software that enabled them to turn the kiosks into remote terminals linked to TJX’s networks. The firewalls that TJX use and had in place did not have enough security to offer and let bad traffic in from the in-store kiosks. The hackers also used mobile data access technology to decode data transmitted wirelessly between handheld price-checking devices, cash registers, and the store’s computers. TJX was using an outdated (WEP) encryption system, which made it easy for hackers to crack. The hackers stole user names and password to setup their own TJX account using handheld equipment and also used the data to crack encryption codes. This allowed them to access TJX system from any computer with internet. The hackers also obtained personal information which could be used for identity theft, including driver license numbers, social security numbers, and military identification of 451,000 customers. The data theft took place over an eighteen month period without anyone’s knowledge. The security controls in place out grew the total size of the company. The system was way overdue for a complete overhaul, because the system was so far out of date with the new technology. I read further about this on the internet and came to find out that the hackers went undetected for seventeen months. This time frame gave the hackers plenty of time to take forty-five…

    • 928 Words
    • 4 Pages
    Good Essays
  • Good Essays

    It 205 Week 3 Assignment

    • 667 Words
    • 2 Pages

    The TJX was still using the old wired equivalent Privacy (WEP) encryption system, which is relatively easy for hackers to crack. An auditor also later found the company had neglected to install firewalls and data encryption, on many of the computers using the wireless network,…

    • 667 Words
    • 2 Pages
    Good Essays
  • Good Essays

    IS3230 Lab 4

    • 528 Words
    • 2 Pages

    8. WEP's major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that's transmitted. But the fact that packets are encrypted doesn't…

    • 528 Words
    • 2 Pages
    Good Essays
  • Powerful Essays

    TJX Maxx Code Of Conduct

    • 1247 Words
    • 5 Pages

    TJX like many large corporation are broken down by their teams which they refer to as governance. Of this team you have, the executive committee, executive compensation committee, audit committee, finance committee and corporate governance committee. According to their corporate governance they claim, "As part of our governance practices, we are committed to high standards of ethics, which are reflected in our Associate Global Code of Conduct, Code of Ethics for TJX Executives, Director Code of Business Conduct and Ethics, and Corporate Governance Principles."…

    • 1247 Words
    • 5 Pages
    Powerful Essays
  • Satisfactory Essays

    BIS Week 3 Assignment

    • 446 Words
    • 2 Pages

    References: Horton, T. (2014, May 1). The Right Technology Fix Can Help Prevent Breaches. Retrieved April 29, 2015, from ProQuest: http://search.proquest.com/docview/1548709638?accountid=458…

    • 446 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Surprisingly there were a large amount of threats in house that took advantage of software issue’s and exploited them. More than likely sold the info to outside source to further continue hacking and establishing a backdoor it the database.…

    • 286 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Often Information Technology Directors overlook that information security is more of a people issue rather than a technology issue. We rely heavily on people’s awareness, ethics and behavior, and an understanding of what they want to achieve is essential to accomplish the goals of business. This includes the employees that deliver services and the customers that take advantage of them, as well as the senior executives that outline the budgets.…

    • 801 Words
    • 4 Pages
    Good Essays
  • Good Essays

    The theft of the records was caused by installing malware on the orgaznization's point of sales systems. These systems were used via third party vendors and had various security issues. This was the reason the hackers were able to break into their systems. The file that contained all the records started taking rounds in the market and was being sold in black. These records were then used to steal money from customer's accounts. There were several fake cards made and identity theft took place. The details were stolen from Faziio Mechanical. The malware was then sent to all the employees in an email. There was a possibility that Citadel malware, a program that steals passwords, was involved.…

    • 588 Words
    • 3 Pages
    Good Essays
  • Good Essays

    As seen in the video, criminals stealing hard drives from commercial establishments is becoming more common and holds the opportunity for criminals to steal hundreds of individuals’ credit and debit card information. This growing trend puts the consumer at risk for extra charges on their credit and debit cards as well as identify theft. What is even more surprising is that consumers are unaware of the true risks that are involved in using their card at terminals in stores. Moreover, even though businesses are to swipe the hard drives clean each day, many are failing to complete this proper procedure to prevent consumer’s stolen information. To add, where the consumer’s information was compromised is not made available to the consumer.…

    • 666 Words
    • 3 Pages
    Good Essays
  • Good Essays

    It is almost impossible to find the top reasons why most security breaches happen on a secure network compromising hundreds to thousands of users’ personal information. This happens today more often than one would like to think and the consequences are astronomical for users, employees and customers of the companies. To protect a network and thoroughly secure confidential information, one has to examine the top vulnerabilities and think outside of the normal box to protect the network. When a security breach happens, there is usually a pretty simple reason why it has happened. This paper will discuss one of the highly publicized security breaches to happen in years, the Sony PlayStation Network & Qriocity music and video service that occurred early this year. There will be a discussion on the actual breach that occurred, what caused the breach and how this could have been prevented, and finally, how Sony plans to recover from this monumental loss of confidential data it caused its customers.…

    • 1165 Words
    • 5 Pages
    Good Essays
  • Satisfactory Essays

    When securing the modern enterprise, consider that IT systems do not operate alone. Securing them involves securing their interfaces with other systems as well. It is important to know the different interconnections each system may have.…

    • 312 Words
    • 3 Pages
    Satisfactory Essays
  • Satisfactory Essays

    IS 4560 Week 1

    • 309 Words
    • 2 Pages

    Data breaches that could lead to identity theft, by sector - the danger of data breaches are of particular importance for organizations that store and manage large amounts of personal information. Not only can compromises that result in the loss of personal data undermine customer and institutional confidence, result in costly damage to an organization’s reputation, and result in identity theft that may be costly for individuals to recover from, they can also be financially debilitating to organizations.…

    • 309 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    college algebra

    • 1862 Words
    • 11 Pages

    If a company has personal information released, the customers will feel less secure with their banking and will result in a business loss for the company…

    • 1862 Words
    • 11 Pages
    Powerful Essays