According to TJX’s official press releases and an SEC filing, they first become aware of the presence of “unauthorized software” on their computer systems on
Is TJX telling the truth? Remember the arrests in Florida of the criminal gang that were using stolen TJX credit card information to manufacture fake credit cards and purchase fresh gift cards? Well,
While TJX expertly handles the release of information about their security failings other retailers must operate in ignorance and most probably fall victim to similar attacks. And what is the impact to TJX from this record breaking, mishandled incident? I’ll tell you. Same store sales for this past January were up three percent over last January. While other retailers are suffering TJX is thriving. TJX’s stock apparently took a short term hit as it fell from $25 per share to $22 last January but now sits at $30.
Lessons Learned
First, esoteric matters like IT security really do not matter to the overall performance of a retailer. Customers, employees, stakeholders, apparently don’t care. Second, no matter what the security industry says, you should not justify security spending based on potential impact of a data breach on your stock price. That theory is completely disproved by TJX.
But let me point out that TJX has attributed $200 million in direct costs to this breach. It is easy to surmise this is bigger than just about anyone’s security budget. In TJX’s case some well known security practices and a little security spending would have avoided this whole incident.