The company used Wired Equivalent Privacy encryption system to handle their client’s credit and debit card information. This system was very easy for any hacker to gain access to people’s information. It was completely out of date and did not encrypt anything within the company, which made it more vulnerable. They did not install firewall security correctly. TJX had purchased many other security programs that were not properly installed.
They kept customer’s information in their system longer than what is required by law. TJX could have switched to WiFi Protected Access (WPA) to encrypt their client’s personal data information, but failed to do so. This system is much more sophisticated that the previous system and it encrypted everyone’s information, because it was more complex. Firewalls should have been installed correctly because it could have been prevented and would have saved the company the embarrassment of knowing that their system was not safe.
This data should have been protected when transferring information over a wireless connection. The business effect of TJX’s data loss will cost them significantly. Because of their incompetence of not installing the proper software needed to ensure customer’s information, this will cost them $202 million to deal with the theft and the lawsuits brought on. They agreed to strengthen their system security and agreed to have third-party auditors to check their security features every 2 years, for the next 20 years.
There was research conducted by a company called Forrester Research, which estimated that their business would cost them $1 billion for the next five years. This finding was based on the cost of additional marketing, security upgrades, consultants, and attorney fees. The moral dimension that may be applied is the fact that they need to ensure that the customer’s information is secure and encrypted. The next thing for the company is to take full responsibility for the data loss when they could have taken the simple measures of doing so.