Executive Briefings

Security Breach Costs TJX Companies About $250M

One year ago, The TJX Companies disclosed what has turned out to be the largest information security breach involving credit and debit card data--thus far, at least. The data compromise at the Framingham, Mass.-based retailer began in mid-2005, with system intrusions at two Marshalls stores in Miami via poorly protected wireless LANs. The intruders who broke into TJX's payment systems remained undetected for 18 months, during which time they downloaded a total of 80GB of cardholder data.
Although this is the biggest, costliest and perhaps most written-about breach ever, customer and investor confidence in TJX has remained largely unshaken. But the breach has been costly, and other companies, whether in retail or not, should take note.
TJX has said that in the 12 months since the breach was disclosed, it has spent or set aside about $250m in breach-related costs. That includes the costs associated with fixing the security flaws that led to the breach, as well as dealing with all of the claims, lawsuits and fines that followed the breach.
Source: Computerworld, http://computerworld.com
