Introducing 

Prezi AI.

Your new presentation assistant.

Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.

Loading…
Transcript

How Long From Occurrence to Detection and Resolution

Controls to Mitigate Crime

TJX Corporation office

• Data Breach was said to have started in July 2005

• Detection in mid-December 2006

• Within the next year of detection approx. 90 million credit card and debit card were reissued to customers with known fraudulent charges.

A TJ Maxx store

  • Detective controls

a. Intrusion Detection system

  • Access Controls

a.Physical access

b. Operating system security

  • Preventative Controls

a.Up to date anti-virus software

What Have They Done Since

• Because of the TJX Data Breach, The Payment Card Industry Security Standard Council released guidelines for securing company wireless network

• TJX has upgrade their weak and outdated encryption standard to keep it beyond regular standards.

Albert Gonzalez

Perpetrator

Perpetrator continued..

• 11 Total Hackers

• Albert Gonzalez, Mastermind behind the data breach is now serving two concurrent 20-year stints in federal prison for both TJX data breach and Heartland Payment Systems.

• Gonzalez started working for the U.S Secret Services ($75 annually) as an informant, while at the same time he was conducting the TJX data breach.

• Gonzalez was indicted in 2009 and charged in March 2010

Introduction

• As of 2010, Gonzalez sentence is said to be the longest imprisonment given to an American for computer crimes.

• Gonzalez asked judge to reduce sentence because he had a computer addiction and he suffered from Asperger’s disease

• March 2011 filed motion to withdraw guilty plea because he claimed that during that time he was assisting US Secret Services.

Conclusion-How The Company Found Out

This cybercrime was interesting because it affected a large

amount customers at a more personal level.

Not only was TJX Companies affected, a large amount of

daily customers and multiple banks around the US.

How Did He Get Caught

• His partner in the Ukraine, Yastremski, was captured and investigators found records of 600 instant message conversations with Albert Gonzalez about stolen card numbers for sale.

• Hackers left encrypted messages on the

company systems to communicate with

each other

• Company Noticed Electronic footprints

were left behind from the system

break-ins that were usually occurring

during peak sales hours to collect the most

account data

Details of Crime

• Early estimates around 20 million in damages, by march 20 turned to 45 and by the end of the year the count was up to 171 million.

• Banks had to re-issue about 95 million debit and credit cards to their costumers.

• More than just bank information stolen, also SSN and drivers license numbers.

• January 17,2007 TJX announced that it had been a victim of an unauthorized computer system intrusion.

• TJX first found out about the attack in mid December 2006, but was advised by lawyers and law enforcement to not make a public statement immediately.

• A group of 11 hackers stole credit card and other personal customer information from the database at many TJX retail stores.

• Hacked through the wireless network in retail parking lots of TJX stores

TJX Companies Data Breach

Learn more about creating dynamic, engaging presentations with Prezi