One year later: Five takeaways from the TJX breach
The retailer has survived the massive data theft, but the card industry remains unsettled
The data compromise at the Framingham, Mass.-based retailer began in mid-2005, with system intrusions at two Marshalls stores in Miami via poorly protected wireless LANs. The intruders who broke into TJX's payment systems remained undetected for 18 months, during which time they downloaded a total of 80GB of cardholder data.
TJX eventually said that 45.6 million card numbers belonging to customers in multiple countries were stolen from its systems. Even that number may be far too low: A group of banks that is suing the retailer claimed in an October court filing that information about 94 million cards was exposed during the serial intrusions.
The sheer size of the data theft puts TJX in a league of its own among companies hit by such incidents, and the breach has made it something of a poster child for sloppy data security practices among retailers. In addition, the breach highlighted several familiar issues and some not-so-familiar ones.
Here, on the one-year anniversary of the breach becoming known, are five takeaways for security managers:
Breach disclosures don't always affect revenue or stock prices ...
Despite being the biggest, costliest and perhaps most written-about breach ever, customer and investor confidence in TJX has remained largely unshaken. TJX's stock was worth about $30 per share when the breach was disclosed, and its closing price today was just over $29. Meanwhile, the retailer said this month that in the 48-week period that ended Jan. 5, its consolidated comparable-store sales increased 4% from the year-earlier level.
Clearly, TJX's customers weren't as concerned about the breach as many observers had expected they would be. Much of that no doubt has to do with the fact that consumers realize they themselves won't have to pay for any fraud that might result from payment card compromises, said Avivah Litan, an analyst at Gartner Inc.
... but they can be costly
TJX has said that in the 12 months since the breach was disclosed, it has spent or set aside about $250 million in breach-related costs. That includes the costs associated with fixing the security flaws that led to the breach, as well as dealing with all of the claims, lawsuits and fines that followed the breach.
For instance, settlements reached by TJX include offers of free credit-monitoring services for three years to consumers whose driver's license numbers were exposed in the breach, plus cash reimbursements, vouchers and a promised three-day customer appreciation event this year, during which the company plans to offer 15% discounts on all goods.