Final Blog Post – Albert Gonzalez vs
TJXX Companies
It is
so much easier to pay with a credit/debit card. Most of us have one, or a
few of them. A lot of people don’t like to carry cash with them anymore, and if
you need cash, you can easily find an ATM close by, since there are so many
around. We also love shopping, and a lot of us use our credit/debit cards to
pay for the items we purchase. In order to obtain a Credit/Debit card you have
to provide your name, address, social security number, among other personal
information to the Bank. So since it’s your personal
information, wouldn't you want Companies to protect it when you use
your Credit/Debit card to purchase items from them? I would like them to
keep my information secure, I hope you would too. But unfortunately when it
comes to information security, not all companies and industries are alike.
Albert
Gonzalez was accused of masterminding the combined credit card theft and
subsequent reselling of more than 170 million cards and ATM numbers from 2005
through 2007. The biggest such fraud in history. He stole card information from
TJX Companies like T.J Maxx, BJ’s Wholesale Club, DSW, Office Max, Boston
Market, Barnes & Nobles, and Sports Authority. He hacked stores in
different states like New York, Massachusetts, and New Jersey. Gonzalez was
arrested on May 7, 2008 and On March 25, 2010, he was sentenced to 20 years in
federal prison.
I
believe that Albert Gonzalez actions were wrong, and he is guilty as charged,
but I have to ask, do you think Albert Gonzalez was the only one at fault? Many
would say yes, he was, but I would argue the opposite.
One
of the Companies he hacked was T.JX Companies, he hacked T.J Maxx and Marshalls,
and these are retail clothing store owned by T.JX that sells designer clothes
for a discounted price. Therefor a lot of customers walk in to theirs stores
and purchase their items. I am not talking about a small store I am talking
about a very big company that is making a very good amount of money. But
surprisingly they were using out of date and vulnerable security encryption for
their machines and networks. I believe that if a person uses their Credit/Debit
card at a store for instance, it is the store’s responsibility to keep the
information safe. Once the costumer swipes their card thought the store’s
credit machine, the card information is stored, so it becomes the store’s
property. Probably more than 90% of the customers affected were not aware that
their Credit/Debit card information was compromised. There is a quote by Luke
that says ‘to whom much is given, much will be
required’ (Luke 12:48). I believe that this quote backs up my argument because
when the customer uses their credit/debit card, they are giving the store money
in exchange for the items they are purchasing, the company stores the data into
their data centers, so therefor there is that required or expected
responsibility to keep the data secure.
So I
ask, why weren't they protecting their costumer’s private information with up
to date security? T.JXX was using WEP security encryption for
their network. Almost every hacker out there likes a challenge, but when
the security is outdated and weak is like a day at the park for them. I
believed that T.JXX Companies did not took the necessary security measures to maintain
the data they were responsible to secure. I hope that they learned from this
security breach and they can provide better security for their customers.
Sources:
http://www.gotquestions.org/much-given-required.html