T.J Maxx is also known as TJ’s or the Maxx. It is an American department chain store that belongs to TJX Companies. It is a major retailer that deals with clothes and has more than nine hundred stores. It was created in Framingham as a nameplate of the Zayre discount department store chain. Zayre later on changed to TJX Companies. TJX then opened their first chain store in the year 1994. They later on changed the name TJX to T.K. Maxx. This was done in order to avoid any mystification with the recognized British vendor chain TJ Hughes. T.J Maxx contributes to charity work by supporting Save the Children campaign. Each store belonging to T.J Maxx espouses a child (Jack, 2008).
In the year 2007, T.J Maxx received some setbacks through a computer security breach. Hackers were able to access information regarding debit card accounts and also credit card accounts. They were able to view transactions that had taken place since the year 2003 on January. This led to the company being sued by various parties including banks like Connecticut Associated Banks. The breach however, led to the arrest of someone known as Albert Gonzalez who had stolen credit card details from a number of companies for example T.J Maxx. The culprit had also stolen debit card details of the same companies which led to him serving twenty years in a centralized prison (Abol, 2012).
T.J Maxx Breach
As stated earlier, T.J Maxx experienced a major security breach that involved hacking of its computer system. This led to retrieval of close to forty five million credit cards and debit cards. A great number of those cards had already expired by the time the breach occurred. TJX was however, uncertain of whether the data that is available on the magnetic strips had been veiled. TJX reported that the first breach occurred in the year 2005 on July by either a hacker or hackers who managed to access information from customer dealings that had occurred as late as the year 2003 on January. TJX also reported that the hackers stole Information on transactions from 45.7 million cards starting from January 2003 to November twenty third in the same year. Investigations into the breach came up with a report that indicated that there were three major loopholes that led to the breach. The company might have had an insufficient wireless network security. The company might have also been vulnerable due to inappropriate storage of data that belonged to its customers. Lastly, the company might have been vulnerable since it failed to encrypt account data of its clients. I shall now look at each of these three areas that might have led to the security breach (Matt, 2003).
The wireless network security might have been inadequate hence exposing the company to hackers who easily accessed data information. The storage where the first breach occurred had an insufficiently secured wireless network. Overtly, the network was using a security modus operandi that is usually known as wired equivalent privacy. One disadvantage of this kind of security protocol is that it is always easy to hack or crack. Wired equivalent privacy also does not offer security when it comes to WI-FI protected access protocol. The hackers broke into the storage network and were able to gain access to client’s account information from the debit and credit cards (Matt, 2003).
Inappropriate storage of customer data might have also led to the security breach. Reports from investigations carried out show that TJX was laying up all track contents that were examined from each and every credit and debit card. They also incorporated the validation code number of the cards that is, the PIN or personal identification number. This is against clearly stated guidelines as stipulated in the PCI Data security standards. TJX did not over see potential dangers that could have culminated from storing such sensitive information after payments have been made. TJX might have also been using an old point of scale software that helps in capturing data from all cards. TJX could not be able to apply configuration settings that would enable it to act in accordance with PCI standards. It is also highly likely that the POS software was ample but had reprehensible configurations (George, 2009).
The company also failed to encrypt customer data. The investigation report indicates that the huge number of falsified dealings that were witnessed in the TJX breach might be due to the fact that the data was not encrypted. There is also a possibility that the hackers illegally acquired the encryption key. The most obvious reason is that the company did not abide to industry standards. The company was supposed to ensure that vital; and sensitive information regarding a customer’s card should not be readable. Data security standards also advocate for companies to safeguard the encryption keys which are normally used in protecting customer data from exposure and misuse (Jack, 2008).
The breach led to the company paying certain amounts of money to several companies after it was sued. The breach led to loss of confidentiality in some of the customers. This is because the breach led to the retrieval of information from these cards. It led to exposure of client’s information. Their privacy was violated which led to loss of confidentiality and to an extent integrity. This is because the credit cards and the debit cards contained personal information on the customers. The magnetic strip usually has a lot of information regarding the customer (Scott, 2012).
The breach was an eye opener that taught the company and also other companies a great lesson. It led to personification by people to whom fake credit and debit cards were sold to. Strategic measurements have been put in place to help in averting such a breach from occurring again. Technological improvements have been improvised to help in ensuring that the security breach does not reoccur. One of the technological improvements is the use of a security protocol that is not easy to crack. The company should also avoid collecting a lot of personal information that is unnecessary. Data that has been collected should also not be stored for long periods. The company should also ensure that all data is always encrypted and that encryption keys are adequately protected (George, 2009).
Security breach is not a new thing that just happened in our world. It has been there and computer hackers get smarter every day. T.J Maxx breach is one of the biggest security breaches that have ever occurred. The breach exposed the company’s weakness in protecting customer’s card data. The company had weak security protocols that were easy to hack and crack. Organizations or companies that normally carry out transactions using cards are always an easy target to potential hackers. This is because they contain personal information on various people. TJX should ensure that all data is encrypted and it should also avoid collecting a lot of personal information.