Logo Logo

Maxxed Out: TJX Companies and the Largest-Ever Consumer Data Breach

Abstract

In November 2005 Fidelity Homestead, a savings bank in Louisiana, began noticing suspicious charges from Mexico and southern California on its customers’ credit cards. More than a year later, an audit revealed peculiarities in the credit card data in the computer systems of TJX Companies, the parent company of more than 2,600 discount fashion and home accessories retail stores in the United States, Canada, and Europe.

The U.S. Secret Service, the U.S. Justice Department, and the Royal Canadian Mounted Police found that hackers had penetrated TJX’s systems in mid-2005, accessing information that dated as far back as 2003. TJX had violated industry security standards by failing to update its in-store wireless networks and by storing credit card numbers and expiration dates without adequate encryption. When TJX announced the intrusion in January 2007, it admitted that hackers had compromised nearly 46 million debit and credit card numbers, the largest-ever data breach in the United States.

Type

Case

Author(s)

Russell Walker

Date Published

Citations

Walker, Russell. Maxxed Out: TJX Companies and the Largest-Ever Consumer Data Breach. Case 5-313-507 (KEL764).

KELLOGG INSIGHT

Explore leading research and ideas

Find articles, podcast episodes, and videos that spark ideas in lifelong learners, and inspire those looking to advance in their careers.
learn more

COURSE CATALOG

Review Courses & Schedules

Access information about specific courses and their schedules by viewing the interactive course scheduler tool.
LEARN MORE

DEGREE PROGRAMS

Discover the path to your goals

Whether you choose our Full-Time, Part-Time or Executive MBA program, you’ll enjoy the same unparalleled education, exceptional faculty and distinctive culture.
learn more