PLEASE READ AND ANSWER ALL 3 questions correct,

dont get answer from other chegg questions cause they are wrong.

EXAMPLE CASE: T. J. Maxx One of the best-reported modern cybersecurity incidents is the T. J. Maxx incident of 2007. It led to numerous changes in cybersecurity procedures, including the addition of wireless security requirements for credit card processing. Thus, while the incident may appear dated, it is very useful from a learning perspective, since most related information is now in the public domain. The year 2007 was marked by some startling revelations of hackers gaining access to credit card databases at many leading retailers in the country. In addition to T. J. Maxx, Barnes and Noble and Office Max were victims of cyber-attacks. It was initially believed that the attacks were being led by hackers outside the country. However, the hacking spree culminated in the prosecution of 11 men in 5 countries, including the United States. The ringleader, Albert Gonzalez, had been an informer for the US Secret Service. On August 5, 2008, the US government charged 11 individuals with wire fraud, damage to computer systems, conspiracy, criminal forfeiture, and other related charges for stealing credit card information from prominent retailers such as T. J. Maxx, BJ's Wholesale Club, Office Max, and Barnes and Noble. In August 2009, many members of the same gang were again charged with compromising Heartland Payment Systems, a credit card processing company, and stealing approximately 130 million credit card numbers. With approximately 100 million families in the United States, this translates to about one credit card per family being stolen. The gang had been in operation since 2003. Between 2003 and 2007, they exploited weaknesses in wireless security at retail stores. This was the method used in the attacks that formed the basis of the 2008 indictment. Beginning in August 2007, the gang refined its skill set and began to use SQL injection attacks to place malware on web applications and gain access to corporate databases. This was the method used in the attacks for which the gang was indicted in 2009. Albert Gonzalez (Figure 11-12), the ringleader, was a resident of Miami, Florida. Beginning around 2003, he is believed to have driven around Miami using his laptop computer to locate insecure wireless access points at retail stores. Stores typically use these networks to transfer credit card information from cash registers to store servers. When an open network was located, the gang would use a custom-written "sniffer" program to collect credit card account numbers, which were then sold in the gray market. The biggest victim was T. J. Maxx, which lost information on more than 40 million credit cards. The information was stored on servers in the United States, Latvia, and Ukraine. Later, when the gang graduated to SQL injection attacks, it would visit stores to identify the transaction processing systems these companies used. The gang used this information to determine suitable attack strategies for targeting these companies. The gang also studied the companies' websites to identify their web applications and to develop appropriate attack strategies for these websites. Gonzalez earned more than $1 million in profits by selling this credit card information. Apparently, at one time, his counting machine broke and he had to manually count $340,000 in $20 bills. In August 2009, Gonzalez agreed to plead guilty to charges in the T. J. Maxx case. On March 26, 2010, he was sentenced to 20 years and 1 day in prison.28 Gonzalez became an informant for the US Secret Service in 2003 after being arrested for various crimes. In October 2004, he helped the Secret Service indict 28 members of a website Shadowcrew.com. Shadowcrew stole credit card information and sold it for profit. While in operation, Shadowcrew members stole tens of thousands of credit card numbers. After the Shadowcrew operation was completed, however, Albert began his own exploits. Beginning with the wireless hacks into T. J. Maxx and other retailers, his attacks culminated in the SQL injection attacks against Heartland Payment Systems. In each case, he succeeded in obtaining tens of millions of credit card numbers. The direct damage from the attacks in terms of fraudulent charges on customer credit cards was limited. In March 2007, one gang in Florida was caught using cards stolen from T. J. Maxx to buy approximately $8 million in goods at various Walmart and Sam's Club stores in Florida. However, the collateral damage from the incident has been colossal. TJX Companies Inc., or TJX (the parent company that owns T. J. Maxx stores, along with Marshalls), settled with Visa for $40 million in November 2007 and with MasterCard in April for $24 million. The impact was nationwide. Tens of millions of customers had to be reissued credit cards. Customers (including the first author of this book) who had set up automated payments on these cards received collection notices from service providers when charges did not go through because the cards had been canceled and new ones had been issued in their place. Surprisingly, sales at T. J. Maxx were not significantly affected by the intrusion. Customers who noticed fraudulent charges had their accounts fixed by the automatic protection programs offered by credit card companies. Example Case Questions 1. Read the 10-K statement filed by T. J. Maxx on March 28, 2007, with the SEC (symbol: TJX).2 Use the section on "Computer Intrusion" to list the major events related to the security breach at the company and the dates on which they occurred. (SEC filings are usually most easily obtained from Yahoo finance. When you search for a company and follow the link to all filings on EDGAR, all filings made by the company are listed in reverse chronological order. Filings from the last four years are available here. Filings from earlier years are obtained directly from the SEC's EDGAR database.) 2. Read the 8-K statement filed by TJX in connection with the intrusion (January 18, 2007). What information did the company report in the filing? What is an 8-K statement? 3. What legal actions were initiated against TJX as a result of the computer intrusion? (The 10-K statement for 2007 filed by TJX will be useful here.)