Benjamin Ngugi, Glenn S Dardick and Gina Vega
In January, 2007, TJX reported that it had suffered from a computer intrusion. The company was sure neither of the identity of the perpetrators nor of how many customers were…
Abstract
In January, 2007, TJX reported that it had suffered from a computer intrusion. The company was sure neither of the identity of the perpetrators nor of how many customers were affected. A deeper analysis revealed that the intrusion had started earlier and affected more customers than previously thought. Ensuing investigation concluded that TJX was collecting unnecessary information, keeping it for too long and employing obsolete and insufficient safeguards. TJX denied any wrongdoing but implemented most of the recommended remedies to strengthen their security.