
TJX Security breach

2023-02-08 09:06:46

When shopping in a large department store, ordinary consumers never think twice about using a credit card. Most POS terminals and credit card terminals are chosen by many companies, which means that hackers only need to know how to exploit vulnerabilities on a few systems. When making a purchase, consumers do not ask, "Is my transaction safe?" We do not question whether the company's information technology department has updated all of its computer systems to the latest version.

Headquartered in Framingham, Massachusetts, TJX is a leading discount fashion and retailing company. The TJX brands operate in the US, Canada and Europe. In mid-2005, inspectors noticed that the TJX credit card system had suffered a serious security breach. The vulnerability was first discovered at a Marshalls store in St. Paul, Minnesota, where hackers used a "war driving" strategy to steal customers' credit card information. This incident is believed to be the largest security breach in the history of the United States, with more than 46 million debit and credit card numbers compromised. Due to TJX's security breach, the major members of the credit card association decided to establish the Payment Card Industry Data Security Standard (PCI DSS) in order to better regulate the security requirements for merchants' credit card systems. According to further investigation, the TJX breaches can be traced back to 2003.

TJX chose not to comply with specific PCI DSS standards. Despite these violations, sales are growing. As for my recommendations, management must first recognize the role of cyber security in its overall business structure. It must maintain ongoing interaction with IT professionals (to evaluate business opportunities and business risks) to ensure that implementation strategies continue to evolve. McKinsey's article "Meeting the Cyber Security Challenge" focuses on the use of a "business-back" approach. Under this approach, the company must target its most important business processes, not the current technical vulnerabilities. Specifically, we recommend that TJX store the elements of its credit card information separately. As stated in the article, "The task is very complicated if you separate the credit card number and the expiration date" (page 28).

Case-specific issue