Introduction and case background
TJX Companies Incorporated (TJX) was founded in 1976 and includes six separate business concentrating on the off-price segment of the apparel and home fashion retail market. Altogether, it has over 2,400 stores and 125,000 associates and is the largest such retailer in the United states. TJX focuses on obtaining branded goods at low prices by purchasing wholesale from manufacturers and excess stock from department and specialty stores. This allows TJX to sell items at 20 to 70 percent their usual cost. Since the profit margin is small, TJX’s specialty is in utilizing information systems to maintain operational efficiency, vendor relationships, and scale along the entire value chain. In late 2006, TJX discovered …show more content…
It is able to leverage its profits and reputation to achieve goals that its competitors can’t. However, as a result of the 2006 data breach, this strong foundation is threatened. Significant financial loss has occurred because of lawsuits and remediation, and lowered consumer trust adversely impacted sales and TJX’s public image. The draw of data will continue to attract hackers in the future as well. Several weaknesses allowed the data breach to occur. First, attackers were able to obtain credit card numbers because they held the decryption key for the encryption software used at TJX to process credit cards. Second, wireless eavesdropping on the various computer devices at a Marshall’s store in St. Paul, Minnesota allowed attackers to gain access to TJX’s central database in Framingham, Massachusetts. Second, in-store kiosks were vulnerable to software loaded onto USB drives and the firewalls were not configured to protect against threats originating internally. Finally, lack of sufficient logs made forensic analysis difficult, if not impossible, to …show more content…
Currently, information security is seen as a technology issue, not a business one. If this continues to be the case, TJX will simply patch the holes that allowed the 2006 breach to occur, but not much beyond that. A passive approach will continue to be taken regarding customer data, creating the opportunity for future data breaches to occur. Since this would not require much change on the part of TJX. However, TJX could also take a more aggressive approach to protecting customer data. Not only would the issues with the current systems that allowed the data breach be patched, but new ones could be discovered and fixed by a special taskforce within the company. While this would involve some upfront and ongoing costs, as well as some potential restructuring, this would increase customer trust and help prevent future
TJX Companies Incorporated (TJX) was founded in 1976 and includes six separate business concentrating on the off-price segment of the apparel and home fashion retail market. Altogether, it has over 2,400 stores and 125,000 associates and is the largest such retailer in the United states. TJX focuses on obtaining branded goods at low prices by purchasing wholesale from manufacturers and excess stock from department and specialty stores. This allows TJX to sell items at 20 to 70 percent their usual cost. Since the profit margin is small, TJX’s specialty is in utilizing information systems to maintain operational efficiency, vendor relationships, and scale along the entire value chain. In late 2006, TJX discovered …show more content…
It is able to leverage its profits and reputation to achieve goals that its competitors can’t. However, as a result of the 2006 data breach, this strong foundation is threatened. Significant financial loss has occurred because of lawsuits and remediation, and lowered consumer trust adversely impacted sales and TJX’s public image. The draw of data will continue to attract hackers in the future as well. Several weaknesses allowed the data breach to occur. First, attackers were able to obtain credit card numbers because they held the decryption key for the encryption software used at TJX to process credit cards. Second, wireless eavesdropping on the various computer devices at a Marshall’s store in St. Paul, Minnesota allowed attackers to gain access to TJX’s central database in Framingham, Massachusetts. Second, in-store kiosks were vulnerable to software loaded onto USB drives and the firewalls were not configured to protect against threats originating internally. Finally, lack of sufficient logs made forensic analysis difficult, if not impossible, to …show more content…
Currently, information security is seen as a technology issue, not a business one. If this continues to be the case, TJX will simply patch the holes that allowed the 2006 breach to occur, but not much beyond that. A passive approach will continue to be taken regarding customer data, creating the opportunity for future data breaches to occur. Since this would not require much change on the part of TJX. However, TJX could also take a more aggressive approach to protecting customer data. Not only would the issues with the current systems that allowed the data breach be patched, but new ones could be discovered and fixed by a special taskforce within the company. While this would involve some upfront and ongoing costs, as well as some potential restructuring, this would increase customer trust and help prevent future