• What are the people, work processes and technology failure points that require attention?
• What practices led to the security breach in TJX and why did such a smart andprofitable organization as TJX face such a situation?
• Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? Background a. Describe the company/department History
1. TJX was the largest apparel and home fashion retailer in United States in the off-price segment and is ranked 138th in fortune 500 companies in 2006.
2. TJX sold brand apparels at prices 20 to 70% lower than department or specialty stores
3. TJX has eight independent businesses under a common umbrella. They …show more content…
1. Security intrusions could lead to heavy loss to the company.
2. Customer loyalty is a driving force for profits and any security breaches would create a huge impact on it.
3. Wireless is a popular means of attacking retail chains.
Key Issues a. Issue #1: Cause of technology Failures and computer intrusions. Sub issue: Wireless attacks b. Issue #2: Identifying the issues/ drawbacks related to work processes. c. Issue #3: Increasing the awareness of employees towards these security violations.
1) Encryption Techniques
1. The encryption algorithm (WES) used by TJX is very weak. WES decryption is available online via simple google searches
2. They also recognized a window of time in which the credit card numbers are decrypted and during that time duration of less than a second, captured all the required data. Conclusion: TJX had an encryption system which is outdated and is prone to security risks. 2) Wireless Attacks
1. Thieves used telescope-shaped antennas and decoded data streaming through the air between hand-held price-checking devices, cash registers and the store’s computers.
2. They also captured the IP addresses, captured lots of data and used that data to crack the encryption code. Conclusion: Even