Page 340 -
P. 340

298   Chapter 10 • Global, Ethics, and Security Management


                affected were T.J. Maxx, Marshalls, Homegoods, and A. J. Wright stores in the United
                States and Puerto Rico. The stores affected in Canada were HomeSense and Winners.
                Current reports indicate the hacker had access from a time in July 2005 to mid-December
                2006. Along with credit and debit card numbers that were stolen, some driver’s license
                numbers with names and addresses were compromised. As the ongoing investigation
                continues there is concern that even stores in the United Kingdom are affected.
                     The announcement to the public occurred about one month after the breach was dis-
                covered. Once the breach was discovered, the areas that allowed for the network breach
                were closed. Law enforcement along with external security experts was called in to investi-
                gate and evaluate the breach and how to prevent it in the future. The cost for this breach and
                subsequent cleanup will be large. Affected TJX customers are being notified, banks are
                reissuing credit cards, and the security consulting and intrusion detection around the breach
                is going to be expensive in addition to the fraudulent activity related to the stolen numbers.
                A breach like this may last for years and affect consumers over the next five years or longer.
                     Breaches like TJX are more common with today’s increased e-commerce and e-Business.
                Networks, servers, and services are constantly being stressed to look for weak links. Information
                technology security systems are in need of constant scrutiny by companies engaged in storing of
                personal information. In the TJX case, the costs involved in correcting the security hole and the
                ongoing investigation, along with notifying consumers, may also see a loss of sales revenue.
                Current analysis is not conclusive, but as time goes by consumers may lack trust in businesses
                that do not appropriately safeguard consumer identities from fraudulent activities.

                CASE QUESTIONS
                   1. What are the costs involved in the TJX network breach?
                   2. As this investigation unfolds, research the additional costs or loss of revenue to TJX
                     and the credit card companies involved.
                   3. What should TJX have done to prevent this breach from occurring? Could they have
                     stopped it?
   335   336   337   338   339   340   341   342   343   344   345