Security Breach The TJX Corporation, a major retailer with stores in the United States, Puerto Rico, and even the United Kingdom, experienced one of the largest security breaches. Millions of their customer’s credit and debit card information were stolen over a seventeen-month period. The TJX Corporation announced to the public on February 21, 2007 an unauthorized user had accessed their security system and the sensitive information stored in their system had been compromised. The span of unauthorized access went unnoticed from the first hacking in July of 2005.
The usual encryptions, that protect vital information like credit card numbers and accounts, had been broken down by the hacker. The files, as far as 2002, that were accessed were vulnerable to theft. Furthermore, the intruder was not even detected until December of 2006. There was much controversy in the manner the information was made available to the public. The consumers’ whose account information was violated had to learn they were at risk of identity theft from the local news. The millions of T. J. Maxx, Marshalls, HomeGoods, and A.
J. Wright costumers’ personal information had been infiltrated by a source that the TJX Corporation was unable to detect for seventeen months and also were unable to determine if the hacker had also interfered in the purchasing process. Aside from the 45. 7 million customer information that was exposed to criminals, TJX also had to rebuild their creditability with their customers. Analysis What could have been done to avoid such a massive a breach of security? How many more times could the same problem happen?
Can sensitive information be trusted to large corporation who manage millions of accounts? For the millions of customers that relied on holiday shopping at the TJX stores learned that for the past two years, there was a problem with the safety of their information. But why did the TJX Corp not mention something once they learned there was a problem? It is after all business. With the holiday season being the number one time to earn, it is understandable why TJX kept the breach under wraps, perhaps unethical, but yet savvy. What can be said of the security?
The encrypted information had been broken and the system was left vulnerable to the advantage of the hackers, whom had plenty of time to go from one system to the other, setting up their own firewalls and encryptions, that were not seen as suspicious. The mismanagement of the system security was the main problem. Such a large corporation, with a very successful business and loyal customers, could have enough in their large corporate budget to only have the best security systems. Period. It only begs the question of how? How could this have happened without someone noticing before?
The question of how long did the TJX company really know that their customer’s information was being stolen. Again, business is business, the TJX Corporation had to remain in the best light amidst such chaos. Perhaps it would have been better for their customers to know before the holiday shopping season that there was a problem when using their credit cards, but it would have been that much disastrous for the income of the company. The only problem with withholding information like that from the public is the lost of the customer’s business.
Aside from the timing, seventeen months from the first alleged hacking and after the holiday shopping season, the manner in which the information was presented to the customer. The public announcement via local news was not the best way to deliver such sensitive news. People’s entire lives depend on the safety of their identity and credit. The trust of the company’s customer was lost. Such an event must be handled differently. Solution Once the problem has been assessed, the rebuilding of the customer relationship is the most important part. What does the TJX Corp. ave to offer? They can begin by assuring their customers the system that is set up to protect their private information will be the best and be better maintained. The most important change would be the storage of customer information. Perhaps they would only be allowed to keep such information as card numbers and accounts for a certain period of time. As a sign of good faith the corporation could offer discounted rates on their credit cards and even some compensation to the thousands of customers who were victim to credit card fraud as a result of the breach.
Rebuilding the relation is important, but is it the best for business? Should the corporation claim mea culpa? As a business establishment, the TJX Corp. has to also approach the situation with a strong aspect of resiliency. To take the issue as a fault on their part would tarnish any future business because then it is the company that is flawed and the system that failed to protect the information. They could also continue on without taking any fault and completely set the concerns and demands of their customers.
The TJX Corporation has enough revenue and product power to move past the issue without loosing very much money. Perhaps it would be the best route, but it would be possible. The relationship between seller and client would be risked, but there are many more new consumers in the market. Aside from selling designer deals, the TJX Corp. has to sell the same image that had brought in so much business. The approach they took was perhaps not the best for the relationship with customers, yet they also must maintain some integrity for their business.
Had they decided to take full responsibility for the issue t would cost the company not only millions in law suits, but also their selling power. They would not be the same company if they had offered extreme savings that could affect the profit. There are customers and stockholders that are at opposite ends of the spectrum. The middle choice is perhaps the best of both: the TJX Corp. takes no personal responsibility, but also tries to reconnect with the consumer and regain some of the business lost after the security breach.