Recent Cyber security Incident- T.J. Maxx Breach

Name: 

Instructor:

Course:

Date:

Recent Cyber security Incident- T.J. Maxx Breach

Cyber security refers to protecting one’s personal data from unauthorized external access. A lot of valuable and classified information nowadays is being stored in computers. It is for this reason the demand for cyber security specialists are on escalating demand. Both the government and the private investors are using the internet in one way or the other thus cyber security skills are needed across the board. The recent cyber security incidents have triggered the need to protect the electronic infrastructure as vital information is contained therein. Intrusion into certain information in the business world may translate to lose of billions of money and that is why talent in cyber security has become a matter of urgency. In the government, leaks in classified information stored in government computer systems may comprise the national security.

Security breaches come in very many different forms ranging from virus attack to theft of hardware, system penetration (hack threat) to sabotage of data, and many others. The main reason why this is possible is that attack tools are cheaply accessible while others can be downloaded from the internet without a fee. With basic skills, a very significant damage on the system can be caused by an intruder since even a minor attack is capable of causing enormous destruction. These criminal acts however are of low threat as attackers can evade detection by concealing their pathway.

In the case of T.J. Maxx, there was an intense disclosure of secure information from approximately 45.5 million credit and debit cards (Kawamoto 2007). This data breach was considered one of the largest of its kind in the recent past. Over a period of 18 months, 45.5 million card numbers were stolen from its unsecured systems. According to the company, this was due to an illegal intrusion by an unknown number of people into its payment system. This lead to the compromise of personal data belonging to a big number of customers. The company announced that the intrusion into their systems began in May 2006 but went on undiscovered to mid December the date were revised after investigations. It showed that the intrusion began in July 2005 (Vijayan, 2007).

The breach of data was carried out in the system that stored and processed information on payments card, checks and merchandise. This affected customers from the United States of America, Puerto Rico and the United Kingdom. The type of data that was stolen has not been established since most of the data stolen had been deleted during normal operations. In addition, the company said the technology used by the hackers made it impossible for them to track the contents of the stolen files. This has opened a number of lawsuits filed against the company for reluctance to disclose details about the case in time. The Arkansas Carpenters Pension Fund is one of those customers that have filed a lawsuit against T.J. MAX.

The breach is the biggest ever in the history of card heist and has prompt companies to rethink their data security measures. This is following the kind of amount in loses that T.J. MAX has incurred and the numerous lawsuits thy have to battle with. It unpredictable how much will be spent by  the time all this is over but it is so clear a lot of resources will be used in this case. This case brought to people’s attention the reality of the existence of cyber criminals in the society and the need to deliberate on ways to fight them. Millions of dollars can be stolen by a simple click of a button hence need for an urgent and timely solution to this possible misfortune.

The event of a possible loss of secure and personal data in a companies system involves very profound implications on its reputation. Loosing such important information is catastrophic but more terrible is failing to notice that all is not well until things have gone out of hand. This may attract very negative gestures such as neglect of customer’s property and lack of commitment. The perception that losses are abounded may adversely affect the customer’s confidence in the company’s ability to protect their investments prompt anticipation of a bad outcome. With this kind of attitude and public opinion regarding an organization, the probability of the company to thrive is made slim as the days go by. Loosing customers without gaining new ones becomes the order of the day

A company’s sense of integrity is what gives one company an upper hand over its competitor. Any decision made regarding the companies response to a particular issue must be carefully thought of that it does not compromise the company’s integrity (Stanfield 2011). In the case of T.J. MAX, the decision not to divulge the details concerning the breach was one that compromised the level of integrity in the public opinion’s view. It is wrong and mischievous to withhold information that affects the company and consequently the innocent customers risking their investments without knowledge of it. This would create a feeling of dishonesty and suspicion in the end when the truth unfolds. At this point, people may not even want to listen rather they would be very skeptical and uncomfortable dealing with such a company.

Failing to secure a wireless network in one of its stores was the reason T.J.MAX was going through such a tough period ever since it started its operations. This however had a terrible implication on the company’s integrity. Professionally, that kind of a mistake is unheard of. This brought to doubt the competence of the company in handling credit and debit cards. The hackers had acquired even the encryption key even though they were able to intercept the credit card’s data even before it was encrypted. With the kind of intrusion experienced by the T.J. MAX Company, it could appear apparent that there was a great gap left unsecured due to either neglect or incompetence. This can really ruin the perception of the company’s integrity which consequently my cause serious implications on its existence.

A repeat of the same breach should be avoided at all costs, especially since the repercussions are quite serious. To deal with this therefore in future, deliberate measure must be taken in order to stop cyber criminals from tampering with people’s personal information and to promote confidentiality. It evident that it is almost impossible for a person to carry out any business without collecting personal identification information. While this true, one reserves the right to have his or her personal information held as confidential and private. Some other information other than personal information requires confidentiality as much. The military and intelligence agencies should be protected from data hacking as some information may be matters of national security.

Cyber criminals attack a company’s network through identifying their system weak points, interfering with the password and computer malware attacks. To avoid incursions, all areas in the organization that handle information resources should be shut down against vulnerability, violation of the pass code and keep away from malware attacks. This is achieved by installing core systems protection, IT compliance controls assessment automation, and endpoint management. Web messaging security solutions is also vital fight attacks. Security information and event management can be of assistance in identifying and notifying insecure network activity to prompt investigations.

To keep away from cyber security attacks, an organization must keep on protecting its database proactively as it is not enough to protect the perimeters. Data breach risk can be significantly reduced if protection policies through the servers, network and endpoints are put. If an incursion is successful, it is still possible to cease data breach by use of detective network software to avert exfiltration (Department of Homeland Security, 2011). To keep your data secure, you must know where it comes through into the company’s system, where it is changed, stored and shared with other people.

Information must be managed in a in a complete data flow and that is, date of creation, date of discarding, and a record of all the avenues it has been used in between date of creation to the date of disposal. The organization must come up with security measures and contracts with third party partners (Dawn 2011). The information security personnel must be consulted when a deal involves sensitive data in the organization. In preventing malware attacks, it is critically paramount to detect the software to establish the source and its nature. Eliminating shared secrets from the authentication process with social networking is another way of avoiding breaches. Most importantly, let the employees be informed about current tactics used by fraudsters. By educating them you put them in a position well equipped with knowledge on what to expect and hence can offer a better solution.

Knowing the damage cyber criminals can cause, every businesses including the government have embarked on finding solutions and some taking prior measures. This is to ensure such an event as that of T.J.MAX does not befall them due to lack of preparedness. The government is training cyber security personnel as one of the measures to fight the vice in the government premises bravely. To avoid such occurrences, it is necessary for all organizations to put network protection policies, thereby preventing huge losses that have the potential to cripple the entire business. Due to this reality, the demand for cyber security will rise even more as the economy keeps on the upward growth. This will see cyber security personnel become the most sort after profession in the near future. As the internet continues to offer more platforms for business to thrive, the need for skilled cyber security professionals will be inevitable.

References

Kawamoto, Dawn.  “TJX says 45.7 million customer records were compromised”. 29 Sep 2011. Web: 2011

Department of Homeland Security. “Cyber Security Tips” 29 Sep 2011. Web: 2011

Vijayan, Jaikumar. “TJX data breach: At 45.6M card numbers, it’s the biggest ever.” 29 Sep 2011. Web: 2011

Stanfield, Michael. “Lessons learned from the TJ Maxx Data Breach.”29 Sep 2011. Web: 2011.

Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.

[order_calculator]