TJX Companies had several weaknesses in the security controls meant to safeguard their computer systems. First, they were using WEP encryption system which was easier for hackers to gain access instead of using WPA encryption system (Laudon & Laudon, 2011). Secondly, TJX was neglecting to install firewalls and data encryption system for those computers that were using wireless networks (Laudon & Laudon, 2011). In addition, TJX had not properly installed the second security software it had purchased. Finally, TJX violated laws pertaining the transmission of credit card information to the banks and retaining card information for too long. As a result, the security control in place made it easy for Gonzalez’s team to hack and steal more than forty million US dollars (Laudon & Laudon, 2011).
The first strategy they would have used to solve the problem is to upgrade their encryption system from the outdated WEP encryption system to the current technology WPA encryption system. This is because WPA is a more complex encryption system making it difficult for hackers to gain access to the organization data system (Laudon & Laudon, 2011). Secondly, TJX should ensure they are following all the rules and regulations of handling credit card data as a security tool. Finally, TJX should be PCI compliant. It is extremely logical for an organization to ensure their internal security tools are intact before granting access to external parties. Therefore, the main purpose of becoming PCI compliant is ensuring the security of the internal organization is safe (Team 8, 2011).
TJX is suffering serious effects due to the security breach. First, the company is facing immense costs associated to the security breach. Twelve months after the breach, the company paid two hundred and fifty million US dollars to cover the security breach expenses (Vijayan, 2008). Secondly, the company’s reputation was tarnished. The consumers of TJX are also on the receiving end of effects caused by TJX security breach. In this case, many consumers were experiencing credit card theft. Additionally, consumers are losing loyalty on the retailers in relation to the usage of their credit card while shopping (Vijayan, 2008). Finally, the banks were affected where they were losing consumers due to credit card theft. This is because consumer thought the banks were responsible for the fraud yet it was TJX mistake (Vijayan, 2008).
According to the case, several moral dimensions are applicable to solve the problem. First, TJX has an ethical obligation to protect their consumer’s personal information (Team 8, 2011). In this case, it is important to evaluate the efforts that TJX was making to protect consumer personal data. If not like in the case, TJX is ethically liable for any loss a consumer might suffer or suffered due to the loss of this information to the public.