So from the different blog members on this topic we’ve learnt a lot about the causes of IS failures and looked in depth at a few of the larger organisations’ failures. I want to look at one last major company failure that I think is important to this topic. No discussion about causes of failures would be complete without mentioning T.J. Maxx.
T.J. Maxx, founded in 1976 (trading as T.K. Maxx in Europe), has more than 900 stores in America alone, with over 230 stores in Europe, and is one of America’s largest retail shops, offering discounted designer clothes and shoes as well as other lines like homeware and children’s toys.
T.J. Maxx had one of the biggest data theft cases that ever occurred, affecting all national and international operations; cases of it were detected in Hong Kong and Sweden. It is believed to be the biggest hacking ordeal to happen to date. Although the system had been in place for years, this shows us that a system doesn’t just fail before implementation; it can fail to protect at any time.
In 2007, the company disclosed that their software systems had been hacked, exposing over 45.7 million customers to identity theft. Computer hackers gained details of customers’ credit and debit cards. This wasn’t just a once-off, or even short-term, though. It affected customers who had purchased goods in any T.J. Maxx store between January 2003 and June 2004, and the breach continued on a smaller scale until January 2007. The hackers successfully stole this information by installing software via wifi onto the company’s system. T.J. Maxx only became aware of the breach when they became concerned over mysterious software on their systems. The company’s system failed to delete customer transaction details immediately and also failed to encrypt the information properly, and in some cases failed to encrypt the data at all.
Globally, 11 people were charged because of the breach a year later in 2008. More people are still being charged with the offence. One of these people was Albert Gonzalez who was sentenced to 20 years in prison in March 2010 after admitting to stealing credit and debit card information from a number of companies, including T.J. Maxx.
Protegrity, an independent security provider, claims that between paying for credit checks and the admin costs of managing the fallout from the breach, this hacking scandal will cost the company up to £800 million in the years to follow. T.J. Maxx also has costs arising from lawsuits from the Massachusetts Bankers Association, the Maine Bankers Association and Connecticut Associated Banks. In order to stop this from happening again, the company changed the software to mask security codes on credit and debit cards by using asterisks and not actual numbers.
This only goes to show that if you spend money to create a working system, then you had better maintain it, or it could end up costing you £800 million in the long run.