The TJX Companies breach has been labeled the largest data breach in the history of security breaches and the ultimate wake-up call for corporations (Dash, 2007). TJX is the parent company of chains such as TJ Maxx, Marshalls, HomeGoods, and a host of retail stores across the US and Canada. In January 2007, it was discovered that hackers had stolen as many as 200 million customer records because of TJX's failed security system, resulting in $4.8 billion worth of damages (Swann, 2007). The breach is said to have occurred because TJX had no security measures in place to protect consumers' data, such as debit card, credit card, checking account, and driver's license numbers. Reports identified three major
Industry standards were not sustained by TJX. PCI Data Security Standard 3.4 requires that, at a minimum, the customer's "primary account number" (i.e., the customer's card number) be "rendered unreadable" (Berg, Freeman, & Schneider, 2008). Furthermore, PCI Data Security Standards 3.5 and 3.6 require merchants to protect the encryption keys used to protect customer data from disclosure and misuse (Berg, Freeman, & Schneider, 2008).
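To make the requirement concrete, the following added example (written for this page, not code from TJX, the PCI Council, or the cited authors) contrasts a record that stores the full card number in the clear with one that renders it unreadable: the stored copy keeps only the last four digits for display plus a keyed HMAC token that lets the merchant match a returning card without holding the number itself. The sample card number 4111111111111111 is a constructed test value, the HMAC key is generated in-process purely for illustration, and the function names are assumptions; in a real deployment the key would live in a separate key-management system, which is the point of requirements 3.5 and 3.6.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Constructed sample values for this example; not data from the TJX case.
SAMPLE_PAN = "4111111111111111"  # widely used test card number, Luhn-valid
SAMPLE_HOLDER = "constructed cardholder"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (basic input validation)."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def store_plaintext(pan: str, holder: str) -> Dict[str, str]:
    """The weak pattern: the full PAN is written to the data store as-is."""
    return {"holder": holder, "pan": pan}


def pan_token(pan: str, hmac_key: bytes) -> str:
    """Keyed token for matching a card later; useless to anyone without the key."""
    return hmac.new(hmac_key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def store_protected(pan: str, holder: str, hmac_key: bytes) -> Dict[str, str]:
    """PCI DSS 3.4 pattern: keep only a masked display form and a keyed token.

    The full PAN never reaches the returned record, so a copy of the data store
    alone does not expose card numbers.  The key (hypothetically fetched from a
    separate key-management service) is the secret that 3.5/3.6 ask merchants
    to protect.
    """
    if not luhn_valid(pan):
        raise ValueError("invalid PAN")
    masked = "*" * (len(pan) - 4) + pan[-4:]   # truncation: last four digits only
    return {"holder": holder, "pan_masked": masked, "pan_token": pan_token(pan, hmac_key)}


def record_exposes_pan(record: Dict[str, str], pan: str) -> bool:
    """Audit check: does any stored field contain the full card number?"""
    return any(pan in str(value) for value in record.values())


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # illustration only; a real key is managed outside the DB
    weak = store_plaintext(SAMPLE_PAN, SAMPLE_HOLDER)
    safe = store_protected(SAMPLE_PAN, SAMPLE_HOLDER, key)
    print("plaintext record exposes PAN:", record_exposes_pan(weak, SAMPLE_PAN))
    print("protected record exposes PAN:", record_exposes_pan(safe, SAMPLE_PAN))
    print("protected record:", safe)
```

The audit helper is the part worth reusing: run it over exported rows to confirm that no field, including free-text notes and log messages, still carries a full card number.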
You protect against loss of confidentiality by ensuring that data is not disclosed to unauthorized users (Gibson, 2012), and in this case it was not protected. Even though TJX authenticated users within the organization, nothing was in place to prevent intruders from obtaining employees' user IDs and passwords. Using a WEP wireless network connection did not protect against loss of confidentiality, and this gave the intruders access. Protecting integrity prevents any unauthorized or unwanted modification of data (Gibson, 2012). Integrity was not protected either, for it took years for TJX to notice that its systems had been infiltrated by hackers, who were creating their own IDs and passwords while the gatekeepers were clueless. Preventing the loss of availability ensures that the information technology (IT) systems and