TJX Corporation

In: Business and Management

Submitted By babitalata
Words 3688
Pages 15
Executive Summary
The TJX Corporation is a large retailer with stores throughout the United States, Puerto Rico and the United Kingdom. In 2005, a security breach of credit card information occurred over a seventeen-month period. The intrusion into customer personal information has raised concern about the security of their IT infrastructure.
The following criteria are based upon their security concerns and the recovery of customer relationships. Their growth as a discount retailer is dependent on the course of action they take. They will adhere to a secure network, protect their stored data, prevent future intrusion of their system, restrict access by unauthorized users and frequently test the implementation of their security measures.
TJX will focus on establishing IT governance, mitigating risk, and developing a management strategy through the following alternatives. They will focus on hardware and software upgrades to prevent future attacks on their communication lines and their network through enhanced software and data encryption. A Payment Card Industry Data Security Standard (PCI DSS) has been established and must be maintained by TJX; an implementation from the IT security team will be completed on a regular basis, ensuring that all files and file transfers are appropriately encrypted. Internal and external security and network audits will need to be performed on a regular basis to comply with the PCI DSS. This will allow for testing of their system access and identify concerns within the security system. In addition, process logs will be added to detect access to accounts. This will identify unauthorized use and theft of data.
It is recommended that TJX upgrade their current network and security protocols, ensure terminals at kiosks are properly secured, and install firewalls.
TJX will use the following 8 Keys to Sane Security Strategy and implement the…...

Similar Documents

Case Study TJX

...MMIS 684 Information Security Management Assignment 3 Assignment 3 requires you to critically review the assigned case study and write a report to address the following questions. Question 1. Kindly provide a review of the case. Question 2. What do you consider to be the points of failure in TJX’s information security? Identify and explain at least three failure points. Question 3. How should information security at TJX be improved? Identify and explain at least three priorities. Question 4. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? Kindly justify your position. Kindly make sure that your submission is organized according to the above listed three questions. Specifications for the assignment 1. Length of the paper a. Maximum length = 2,500 words (not including references and appendices) 2. The general text of the paper, excluding headings and title, should be written with following format specifications a. Font: Times New Roman b. Font Size: 12, regular c. Line spacing: double spaced d. Alignment: left e. Margins (inches): Left: 1.25; Right: 1.25; Top: 1; Bottom: 1 3. Do not forget to write your name as a header on each page. a. Font: Times New Roman; b. Font size: 9 regular c. Right aligned 4. Please enter page number as footer for each page. 5. Submit the assignment as Word document (and not pdf extension). 6. Do not attach Certificate of Authorship. Do remember that you are required to submit original work only. Plagiarism is a......

Words: 288 - Pages: 2

Checkpoint: TJX Companies

...Tonisha Miller IT/205 Jennifer Gilmore CheckPoint: TJX Companies The old Wired Equivalent Privacy (WEP) encryption system was the security controls in place. A Wired Equivalent Privacy (WEP) is not very effective. WEP is built into all standard 802.11 products, but its use is optional. Many users neglect to use WEP security features, leaving them unprotected. The basic WEP specification calls for an access point and all of its users to share the same 40-bit encrypted password, which can be easily decrypted by hackers from a small amount of traffic. Stronger encryption and authentication systems are now available, but users must be willing to install them. TJX had also neglected to install firewalls and data encryption on many of the computers using the wireless network, and didn’t properly install another layer of security software it had purchased. TJX acknowledged in a Securities and Exchange Commission filing that it transmitted credit card data to banks without encryption, violating credit card company guidelines. TJX also retained cardholder data in its systems much longer than stipulated by industry rules for storing such data. The tools and technologies that could have been used to fix the weaknesses are some of the following: General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure. On the whole, general controls apply to all......

Words: 753 - Pages: 4

Security Breach at TJX

...Overview This case analysis report is about the IT security problems that Owen Richel, the Chief Security Officer of TJX should consider to improve by analyzing some security issues that TJX had faced during the 2005-2007 database intrusion. As technology advances, companies are facing some challenges regarding information privacy. “Information privacy concerns the legal right or general expectation of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others.” (Lecture notes) One of the privacy problems includes unauthorized access, which violates the laws and company’s policies, can limit a person to access to his/her personal information, and threaten the company’s legitimacy in its interactions with its stakeholders. In this case, TJX experienced an information security breach, caused over 94 million of payment cards at risk, and paid $158 million for damages and losses. This serious problem was recognized by Owen and thus case discussion is carried out as follows. Stakeholders & Preferences Some of the important stakeholders are customers, financial institutions, vendors and distributors, shareholders, and the management and employees. The most important stakeholder is the customers that TJX has been long serving with because they are the very first group of people who were affected by the intrusion. It was the customers’ debit and credit cards information that were stolen which...

Words: 1948 - Pages: 8

Security Breach at TJX

...Security Breach at TJX 1. Identify & describe the failure points in TJX's security that require attention (including, but not limited to: People, Work Process, and Technology)? After analyzing the Ivey case on TJX data fiasco, I would say there were three major failure points that caused this $168MM financial hit to the corporation. * Technology: it is obvious that TJX had several technology deficiencies mainly driven by systems limitations and vulnerability. For example, inadequate wireless network security allowed the hackers to attack specific stores just by using a laptop and an antenna which permitted the thieves access to the central database. As it was mentioned in the business case, TJX was using (WEP) as the security protocol and it is well-known in the e-commerce arena that WEP encryption can be deciphered in less than one minute which makes it very unreliable and risky for business transactions. Last but not least, TJX failed to encrypt customer data. * Auditors: it is concerning that TJX passed a PCI DSS checkup and that no auditor noticed the technology issues TJX was facing. * Executives at TJX: It is evident that the company wasn’t in compliance with the Payment Card Industry (PCI) standards. Primarily, the person in charge of the IT department should have been on top of ensuring TJX to be in compliance, by setting expectations and objectives pertaining to security within its organization. In addition to the head of IT,......

Words: 826 - Pages: 4

TJX Companies Case Study

...profitable growth year after year, through many types of economic and retail cycles. With over 3,000 stores in six countries, approximately 179,000 associates and a fresh e-commerce presence, and they are growing faster than ever (“About the TJX Companies, Inc.,” 2014). Through T.J.X. Company’s innovative buying and sourcing strategies, they discover and deliver value for shoppers in many ways. Their goal is to provide customers with quality merchandise for the entire family, every day. Value means more than price to T.J.X. Company professionals; buyers are trained to recognize that true value is a combination of fashion, quality, brand and price. T.J.X Companies are known for their brand name and designer fashions at 20-60% off department store prices. They are able to do this by purchasing merchandise from designers when they over produce or other department stores over purchase. They go in during these certain situations and negotiate the lowest possible price to pass on the savings. How they buy is just as important as what they buy. They pride themselves in never having the same selection twice with new arrivals every week (“About the TJX Companies, Inc.,” 2014). The company operates in four segments: Marmaxx, HomeGoods, TJX Canada, and TJX Europe. Its apparel and home fashion chains sell family apparel, including footwear and accessories, fine jewelry and accessories; and home fashions comprising home basics, accent furniture, lamps, rugs, wall décor, decorative......

Words: 5544 - Pages: 23

TJX Companies Global Strategy

...Global Strategic Management A Case Study of the TJX Kestrel L. Ambrose American Public University System Abstract TJX Companies, Inc. is known as the world’s leading off-priced retailer of apparel and home fashions. With its steadily growing brand portfolio, the company aims to offer consumers better value proposition than department stores. Keywords: global strategic management, corporate governance, off-price retail, Global Strategic Management: A Case Study of The TJX Companies, Inc. Company Overview Based in Framingham, Massachusetts, The TJX Companies, Inc. (TJX or “the company”) is the leading retailer of off-priced fashion and home goods merchandise in the United States and worldwide. The company’s brand portfolio includes T.J. Maxx, Marshalls, HomeGoods and the Sierra Trading Post in the U.S.; Winners, HomeSense and Marshalls in Canada; and T.K. Maxx and HomeSense in Europe. These stores specialize in brand name apparel, footwear, accessories and home décor merchandise at discount prices, usually 20- 60% below department and specialty store prices. In 2013, TJX ranked 115th in the Fortune 500 rankings, jumping 10 spots from the previous year. This ranking makes the company number one in the specialty apparel retail industry on the Fortune 500 list, followed by Gap, L Brands, and Ross [ (Cable News Network, 2014) ]. Market and Products TJX operates in the niche off-price segment of the retail industry. The company operates under four major......

Words: 2405 - Pages: 10

Computer Security & Privacy - TJX

...Computer Security & Privacy - TJX Case Background: TJX, largest apparel and home fashions retailers in the off-price segment was struck with Security Breach in all of its eight business units in US, Canada and Europe. Intruder had illegally accessed TJX payment system to hack personal and credit/debit card information of an unspecified number of customers. Security breach had affected Customers - pay for the purchases made by the intruders/ card invalidated / expiring the spending power, Financial Institutions –re-issue the cards for those customers whose information was compromised, Store Associates –change their credentials for system access, Vendors, Merchandisers - Modify the information shared due to mutual network and Richel Owen, CSO- design long and short term strategy to address the security breach issue. Intruders utilized the data stolen to produce bogus credit/debit cards that can be used at self-checkouts without any risks, and had also employed gift card float technique. Case Analysis: TJX learnt about the hacking in December 2006 through the presence of suspicious software and immediately called in Security consultants for assistance. TJX had been intruded at multiple vulnerable points – Encryption, Wireless attack, USB drives, Processing logs, Compliance and Auditing practice. Encryption - Intruder had accessed the card information during the approval process and had the decryption key for the encryption software used in TJX. This can be addressed by......

Words: 620 - Pages: 3


...Partnership or Corporation 1. What are some of the advantages and disadvantages of Thomas and Bryan forming a corporation? First of all, a corporation is a legal entity, created by the state, whose assets and liabilities are separate from its owners. It has some rights, duties, and powers of a person, as well as the rights to receive, own or transfer property. It is also important to mention that corporations are typically owned by many individuals and organizations who shares of the business, called stock. After this, I found some advantages or disadvantages for Thomas and Bryan if they want to form a corporation. Disadvantages: First of all, they will not be able to form a corporation in any State of the U.S. According to the law, there are some states in the U.S. that do not allow corporations owned by only two individuals. Information plays an important role in any corporation, it takes a long time, as well as a lot of money to make annual reports with financial information of the office they want to put, the flowers, and all that stuff, that is probably going to take a good part of the $10,000 of their initial contribution. Fees and formality will be some other disadvantages of turning the business into a corporation, considering that the Capital contributed was not a big amount. Finally, we cannot forget that corporations have potential double tax consequences (once when the company makes its profit, and a second time when dividends are paid to shareholders),...

Words: 834 - Pages: 4

Security Breach at TJX

...Question 1 TJX is the parent company of popular off-price retailers like TJ Maxx and Marshalls. Based in Framingham, Massachusetts, TJX has over 2,400 stores worldwide and earned US$17.4 billion in sales during the 2007 fiscal period. On December 18th, 2007, TJX discovered that it fell victim to one of the largest data theft cases in American history. Approximately 94 million credit and debit cardholders were affected by the attack. The American Secret Service and FBI had to investigate the breach and TJX lost millions of dollars in the following years due to class-action lawsuits and investigation costs. This report will analyze the causes of TJX’s IT security weaknesses and provide recommendations on what the company should do in the short-term and long-term to ensure something like this never happens again. Question 2 Management – TJX’s management needs to move fast and implement better IT security measures to prevent an attack like this from ever happening again. They must accomplish this while balancing lawsuits from credit card companies & customers and ongoing federal investigations while still managing day-to-day operations. TJX has already booked a provision of $168 million related to the attack and does not want to suffer any more financial loss. It also needs to regain customer confidence, which is crucial to maintaining its market leadership and sales. Customers – TJX’s customers have lost confidence in the company’s ability to store its......

Words: 2721 - Pages: 11

TJX Companies

...es2013 Luz Gomez Stephanie Gomez 11/20/2013 TJX COMPANIES, INC. TJX Companies, Inc. The Fortune 500 is a list that ranks the top 500 corporations as ranked by their gross revenue after modifications are made to exclude the impact of taxes. As an advisory board, we would like for you to invest your money where we feel that you would make maximum profit. Until a few years ago, TJX entered into the Fortune 500 rankings with a $15 billion revenue and the company has continued to strive ever since. TJX has sustained and will maintain their upward direction in the stock market and the stock has potential to progress in the upcoming years. As a result, more and more investors are being intrigued with the success of this company because of the rise in the market. Investing in this company would be ideal because of its positive pattern and great strategy to attract consumers. Walking into department stores can be aggravating at times. The prices of certain items can shoot of the roof, and the brand may not even be of good quality. If you want to buy furniture, you have to walk into a whole different store. This not only wastes time, but it can turn into a hassle. Running over here then running back, it just doesn’t make sense. What if I told that you can get best of both worlds? Literally! TJX Companies Incorporated is the largest international fashion apparel and home fashions off price department store in the United States. The mission of the company is to deliver brand......

Words: 3254 - Pages: 14

TJX Case Study

...TJX case study Hanover Yuyang zhang 1. What were the root causes of this breach and how could it have been prevented? The root causes of this breach are the whole system is not consummate enough. Data security problem is the main issue at all merchants. Complying with the PCI DSS standard is the easy way to prevent it but also need customers have security consciousness. Update the new technology like biometrics identification technology to ensure payment security. 2. In general, what are the respective roles senior operational management vs. IT management must play in protecting their company’s information assets? (Utilize the companion article for assistance). Senior operational management need to distinguish which information assets are most critical and what roles do cybersecurity and trust play in our customer value proposition. IT management have to develop and maintain the cross-functional approach to cybersecurity. And how to take steps to keep data secure and support the end-to-end customer experience. IT management also need to do how are we using technology processes to protect our critical information assets. 3. With increase of Card Not Present-CNP (i.e. “wireless” payments) who should pay for fraudulent payments (i.e. Apple, AT&T, retailer, card issuer, etc.) and how would your recommendations make the respective players more accountable? I think the technical support company like Apple should pay for fraudulent payments. As we know, Apple pay is......

Words: 355 - Pages: 2

TJX - Hacker Research

...How was TJX vulnerable to breaches? How did the situation escalate into a full scale breach? TJX was vulnerable to the breach because of failed attempts to update security which could have prevented the breach. TJX performed an audit and it found that it was non-compliant with 9 of the 12 requirements for a secure payment transaction. Gonzalez used a simple packet sniffer to hack into the system. The packet sniffer Gonzalez used went undetected for several months. TJX failed to notice any data being transferred from their own server which allowed them to lose 80 GB of data. Gonzalez had blind servers in Latvia and Ukraine that were used to breach the system (NT2580: Week 1). Gonzalez performed reconnaissance on their retail stores. Then Gonzalez determined a weakness in the payment systems and utilized malware to intercept credit card information. Gonzalez committed this crime between 2006 through 2008 before being caught. Gonzalez was an informant for the Secret Service which Gonzalez took part in an undercover operation related to a card theft case (Sileo, Operation Get Rich or Die Tryin' Still Lives). Gonzalez was sentenced for the largest computer crime case that has been documented. The only motive Gonzalez has was technical curiosity and obsession with conquering computer networks. Gonzalez’s attorney argued that some of the losses were the result of TJX’s own negligence. If security upgrades were done then it may have prevented the breach (Zetter, TJX Hacker......

Words: 407 - Pages: 2

Security Breach at TJX

...for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for TJX in handling IT security? 3. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? How did a smart and profitable retail organization get into this kind of situation?......

Words: 785 - Pages: 4

TJX Companies

...TJX companies are known to have a firewall system that does not block any activity that is suspicious on its own networks. The data encryption that’s used to secure the wireless network at the TJX store is outdated. Several of the home wireless networks are secured by using WPA or WPA2. This technology is a lot more complicated to crack. TJX were still using outdated WEP encryption. TJX locations each were lacking those firewalls and data encryption protocols. The company saved the debit and credit card which is also a violation of all card data security standard. The standard was created to reduce any debit and credit card data stored in the merchant systems. Lack of compliance wasn’t intended but the legacy software did not meet the current security standards. The TJX used several available tools to prevent, and limit the impact. Antivirus and the proper firewall software is installed on each machine and is attached to the network should be in place. Security of the wireless networks should have been created to prevent any possible hacks into the system. Data encryption and appropriately secure those passwords to prevent the attack. When there is lack of proper security the TJX companies will have to pay about 11 billion dollars. The banks that provided the cards that were stolen were forced to spend 300 million dollars to replace those stolen cards which are very expensive all because of card information being stolen. TJX responsibility was to make sure that each of......

Words: 289 - Pages: 2

Check Point at TJX Company

...Check point TJX Company IT/205 MAY 24, 2012 Check point TJX Company Information security means protecting information systems from unauthorized access. To my understanding TJX failed to properly encrypt data on many of the employee computers that were using the wireless network, and did not have an effective firewall installed. In the reading it indicated that TJX was still using the old Wired Equivalent Privacy (WEP) encryption system, which is relatively easy for hackers to crack. The Wi-Fi equivalent privacy (WEP) was considered old, weak and ineffective, therefore I could say the security breach that TJX had experienced was a result of using a cheap and inexpensive wireless Wi-Fi network like the Wired Equivalent Privacy (WEP) encryption system, which makes it easy for hackers to navigate. This is why it is important that TJX should have invested in using the wireless Wi-Fi Protective access 2 (WPA2). The Wi-Fi Protected Access 2 (WPA2) standard in conjunction with a sophisticated encryption system could have been used to replace the WEP. In that situation an effective firewall would have prevented unauthorized users from accessing private networks, meaning firewall acts like a gatekeeper who examines each user’s credentials before access is granted to a network. An effective Firewall could have reduced the ability for hackers to gain access to sensitive information. A data security breach could result in a variety of issues some of them could be losing of......

Words: 436 - Pages: 2