It was believed, but not confirmed that TJX’s customer data was either kept in plain-text format or the hackers were able to obtain the encryption key during the initial breach of the headquarters network. The customer data was also not stored appropriately; and it is believed TJX violated industry principles put in place to provide guidelines on how companies should store their customer’s data. “The TJX data storage practices also appear to have violated industry standards. Reports indicate that the company was storing the full-track contents scanned from each customer’s card. Moreover, customer records appear to have included the card-validation code (CVC) number and the personal identification numbers (PIN) associated with the customer cards. PCI Data Security Standard 3.2 clearly states that after payment authorization is received, a merchant is not to store sensitive data, such as the CVC, PIN, or full-track information.” (Berg , Freeman & Schneider, 2008).
Finally, this data breach could have been prevented if TJX took the necessary precautions to safeguard customer’s financial data. Which could have been accomplished by limiting the range of their wireless signal within the store, encrypting customer information, using better wireless security standards WPA or WPA2, if wireless devices are permitted, and finally, adhere to the industry standards to safeguard personally-identifiable information? This data breach was one of the largest because TJX made themselves such an easy target with their weak and almost non-existent network security standards. Retailers like T.J. Maxx have used this data breach as a lesson in securing their customer’s data and prevent a compromise of their customer data such as this one.

References:
Greenemeier, L. (2007, March 29). T.J. Maxx Parent Company Data Theft Is The Worst Ever - InformationWeek. InformationWeek. Retrieved July 10, 2014, from