Big Labels, Small Prices, Even Smaller Software Protection

3 Mar

So from the different blog members on this topic we’ve learnt a lot about the causes of IS failures and looked in-depth in a few of the larger organisations failures.  I want to look at one last major company failure that I think is important to this topic. No discussion about causes of failures should be complete without mentioning T.J. Maxx.

T.J. Maxx, founded in 1976, (trading as T.K. Maxx in Europe) has more than 900 stores in America alone with over 230 stores in Europe and is one of Americas largest retail shops, offering discounted designer clothes, shoes as well as other areas like home ware and children’s toys.

T.J. Maxx had one of the biggest data theft cases that ever occurred, affected all national and international operations – cases of it were detected in Hong Kong and Sweden. It is believed to be the biggest hacking ordeal to happen to date. Although the system had been in place for years, this shows us that a system doesn’t just fail before implementation, it can fail to protect at any time.

In 2007, the company disclosed that their software systems had been hacked and exposing over 45.7 million customers to identity  theft. Computer hackers gained details of customers credit and debit cards. This just wasn’t a once off, or even in the short term though. This affected customers who had purchased goods in any T.J. Maxx store between January 2003 and June 2004 and the breach continued on a smaller scale until January 2007. The hackers successfully stole this information by installing software via wifi until the company’s system. T.J. Maxx only became aware of the breach when they became concerned over mysterious software on their systems. The company’s system failed to delete customer transaction details immediately and also failed to encrypt the information properly, and in some cases not to encrypt the data at all.

Globally, 11 people were charged because of the breach a year later in 2008. More people are still being charged with the offence. One of these people was Albert Gonzalez who was sentenced to 20 years in prison in March 2010 after admitting to stealing credit and debit card information from a number of companies, including T.J. Maxx.

Protegrity, an independent security provider, claims that from paying for credit checks and admin cost for managing the fallout from the breach, this hacking scandal will cost the company up to £800 million in years to follow. T.J. Maxx also has costs arising from lawsuits from the Massachusetts Bankers Association, the Maine Bankers Association and Connecticut Associated Banks. In order to stop this from happening again the company changed the software to mask security codes on credit and debit cards by using asterisks and not actual numbers.

This only goes to show that if you spend money to create working system, then you better maintain it; or it could end up costing you £800 million in the long run.



5 Responses to “Big Labels, Small Prices, Even Smaller Software Protection”

  1. sad109566511 March 4, 2013 at 12:57 am #

    Very informative blog,I really enjoy reading your blogs because you go into depth on different issues that are very relevant to your topic,keep up the good work 🙂

  2. sad111332336 March 4, 2013 at 10:11 am #

    Excellent blog, really informative, had no idea about TJ Maxx

  3. sad111350396 March 4, 2013 at 8:42 pm #

    Very interesting blog, never heard of this scandal before, just shows that by putting a system in place isn’t the end you must always maintain it!! Can’t believe it cost $800m to repair, crazy!! I wonder is this the biggest failure to date in IS..? Very relevent 🙂

  4. sad112540853 March 5, 2013 at 3:33 pm #

    Great blog 😀 I really like the title of the blog, very descriptive 😀 I look forward to the next blog 😀

  5. sad111302881 March 7, 2013 at 8:57 pm #

    Very interesting blog I didn’t know this happened and as a keen TK Maxx it is a very alarming story! It seems to me that this company’s IT staff did not have proper control over their IS. It’s a sad but true fact that hackers are becoming more and more sophisticated in their approach to scandals like this. This blog is very relevant as Facebook was hacked not so long ago and security sites in the US were too. I have followed all your blogs and they’ve been very informative, up-to-date and relevant. good job:)

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: