1. By: Ted Worthington

2.  About TJ Max  Discovery  How the break in occurred  The Payment Card Industry-Data Security Standard  Lawsuit and Investigation  Prosecution  Conclusion

3.  First stores opened in 1977 in Massachusetts  Leading off-price retailer of apparel and home fashions in the U.S. and worldwide  Ranked 115 in the Fortune 500  Has over 3,000 stores in six countries

4.  On December 18, 2006 they detected suspicious software on their computers  Called in security consultants who confirmed there had been an intrusion  They then confirmed that customer data was stolen  It was thought to be only been happening for the past 7 months but they then found that its been going on since 2005

5.  45.7 million customer records were stolen  The attackers used to information to make fraudulent credit card purchases  Did not notify customers until a month after finding out about the attack

6.  They first broke into poorly protected wireless networks in some retail stores  They were then able to get into the central TJ Maxx credit and debit card processing system  TJ Maxx system had poor firewall that allowed the hackers to install a sniffer  The sniffer listen to company’s traffic that was passing in and out of the processing center. ◦ This traffic was poorly encrypted

7.  Why these hackers stayed in the system because TJ Maxx was retaining sensitive credit information that shouldn’t have been  TJ Maxx didn’t detect the sniffer for the 7 months it had been there was because they didn’t have any organized intrusion detection capability

8.  Created by the major credit card companies because of earlier data breaches involves credit card information  The standards companies must follow if they want to accept credit cards  There are 12 standards companies must follow  TJ Maxx was only following 3 of the 12 guidelines and was in no rush to improve this

9.  TJ Maxx was sued by 7 banks  Settled with 6 agreeing to pay $40.9 million  Visa fined TJ Maxx merchant bank because they couldn’t fine them directly but the fine was still passed over to TJ Maxx  The fine amount was $880,000 plus another $100,000 per month until TJ Maxx fixed its security problems

10.  11 individuals were charged for this break-in  3 were Americans, 2 were in China, and the rest were in Eastern Europe  This group also stole information from OfficeMax, Barnes & Noble, and Sports Authority

11.  About TJ Max  Discovery  How the break in occurred  The Payment Card Industry-Data Security Standard  Lawsuit and Investigation  Prosecution

12.  http://www.tjx.com/about-tjx.asp  http://www.nbcnews.com/id/17871485/#.U p9usuLFqN4  PA, I. U. (2010). Host Computer Security. Boston, MA: Pearson.