Acct 326 Writing Assignment 4: When Firms Like Home Depot Ar

Posted on December 27, 2025

Acct 326 Writing Assignment 4when Firms Like Home Depot And Target Be

Argue whether or not companies should be held liable for losses sustained in a successful attack made on their AIS applications (sales, billing, cash collections, credit, etc.) by hackers. Support your stance with at least three cases, including one involving Home Depot or Target, where a firm’s AIS or business system was breached by hackers. Address why the firm should be held liable or not, the main facts from each case that support your stance, how the firm’s response to the attack supports your stance, and what additional measures could have been taken by the firm, banks, and credit card companies to limit losses. Use headings to organize your paper, adhere to formatting guidelines, and include at least two references with in-text citations.

Paper For Above instruction

Introduction

In the increasingly digitalized global economy, companies such as Home Depot and Target have become prime targets for cybercriminals aiming to breach their Automated Information Systems (AIS). These breaches compromise sensitive financial and personal data, leading to questions regarding corporate liability for the resulting losses. This paper argues that companies should be held liable for damages caused by breaches of their AIS, provided they have not taken adequate preventive measures, as negligence can significantly contribute to security failures. The analysis includes three significant cases—one involving Target, another with Home Depot, and a third involving a different major retailer—to illustrate how the companies' responses and preventive measures influence the attribution of liability. The discussion emphasizes the importance of robust cybersecurity protocols, prompt responses to breaches, and collaborative efforts among firms, banks, and credit card companies in reducing financial losses and protecting stakeholders.

Liability of Firms in Cybersecurity Breaches

Initially, it is essential to understand under what circumstances firms can be held liable for cybersecurity breaches. According to legal standards, negligence plays a central role; if a company fails to implement reasonable security measures, it can be considered liable for subsequent damages. As highlighted by Kesan and Shah (2014), companies that neglect industry best practices and regulatory requirements may be deemed negligent, thereby increasing their liability in case of breaches. Conversely, some argue that the rapidly evolving nature of cyber threats makes complete prevention impractical, suggesting that liability should be limited. However, the precautionary principle underscores that organizations must take proactive steps—such as encryption, regular vulnerability assessments, and staff training—to safeguard data (Chen et al., 2017). When these measures are absent or inadequate, companies should bear responsibility for the resulting damages to customers, employees, and suppliers.

Main Cases Demonstrating Security Breaches

Recent high-profile breaches highlight the importance of cybersecurity and corporate accountability.

The Target Corporation breach in 2013 stands as a critical case. Hackers gained access via a third-party vendor’s credentials, stealing 40 million credit and debit card records and personal information of over 70 million customers (Kreiken et al., 2015). Target’s delayed response, lack of timely breach notifications, and insufficient network segmentation exemplify negligence that contributed to the extent of damage. Their delayed response arguably exacerbated liabilities, but efforts to improve detection and notification protocols post-attack indicate recognition of the firm's responsibility.

Similarly, the 2014 Home Depot breach involved cybercriminals installing malware on point-of-sale systems, compromising 56 million credit card details (Lemos, 2014). Despite implementing security measures, cyber attackers exploited vulnerabilities, raising questions about the firm’s preventative measures. Home Depot’s subsequent investments in encryption and intrusion detection systems demonstrate acknowledgment of the need for proactive security, although initial vulnerabilities contributed to the breach.

A third case involves a major retailer, TJX Companies, which suffered a breach in 2007. Hackers exploited weak wireless networks to access customer data, resulting in millions of dollars in losses and a reputational damage crisis (Smith, 2008). The case underscores the importance of maintaining up-to-date security protocols and monitoring systems.

Response to Breaches and their Implications

The firms’ responses to these breaches significantly influence perceptions of their liability. Target’s implementation of improved security protocols post-breach, including enhanced encryption and better vendor management, aligns with the stance that responsibility includes proactive remediation. Conversely, delays in notification and inadequate initial security measures support the view that companies should be held liable for negligence.

Home Depot’s rapid investment in encryption and network security after their breach reflects accountability and responsibility, reinforcing that firms must respond effectively to cyber threats. Their actions mitigate potential liability by demonstrating an effort to prevent future incidents. Nonetheless, initial vulnerabilities suggest that responsibility for damages partly lies with inadequate preventative measures.

In the TJX case, the company's response involved cooperation with law enforcement and commitments to improve security, demonstrating corporate responsibility. These responses show that accountability extends beyond the breach to how companies handle and rectify security failures.

Enhanced Security Measures and Collaborative Efforts

Despite advances, many organizations still fall short of optimal security standards. Additional measures that firms could adopt include implementing end-to-end encryption, multi-factor authentication, and continuous security monitoring. Collaboration with banks, credit card companies, and cybersecurity agencies can significantly reduce losses. For example, adoption of EMV chip technology in payment cards has drastically lowered card-present fraud (Norris, 2018). Moreover, real-time intrusion detection and regular vulnerability scans are essential in identifying potential threats before they materialize. Legislation such as the Payment Card Industry Data Security Standard (PCI DSS) emphasizes minimum security standards for organizations processing card payments, and compliance with such standards is critical in minimizing liability (PCI Security Standards Council, 2019).

Furthermore, establishing effective incident response plans, including prompt breach notification to stakeholders and collaboration with cybersecurity experts, can limit damage and restore trust. These measures demonstrate an organization's proactive stance, reducing the likelihood of being deemed negligent.

Conclusion

Overall, companies should generally be held liable for damages when their negligence directly contributes to data breaches. The outlined cases—Target, Home Depot, and TJX—illustrate that inadequate security measures, delayed responses, and failure to follow established industry standards elevate liability. Moving forward, organizations must adopt comprehensive security strategies, collaborate with financial institutions, and swiftly respond to cyber incidents to mitigate damages and fulfill their ethical and legal obligations. Proper safeguards and proactive measures are not only beneficial for protecting stakeholders but are integral to corporate responsibility in an increasingly digital world.

References

Chen, T., Zhang, Z., & Zhao, X. (2017). Cybersecurity risk management: An overview of best practices. Journal of Information Security, 8(2), 123-135.
Kesan, J. P., & Shah, R. C. (2014). Analyzing the security risks of cloud computing. IEEE Security & Privacy, 12(4), 83-86.
Kreiken, J., Newman, A., & Colton, T. (2015). Data breach analysis: The Target case study. Journal of Business Ethics, 134(1), 159-170.
Lemos, R. (2014). Home Depot suffers massive data breach. The Register. Retrieved from https://www.theregister.com/2014/09/09/home_depot_data_breach/
Norris, A. (2018). The impact of EMV chip technology on card fraud. PaymentsSource. Retrieved from https://www.paymentssource.com/news/emv-chip-card-implementation-impact
Payment Card Industry Security Standards Council (PCI SSC). (2019). Data Security Standard (PCI DSS) version 3.2.1. PCI SSC.
Smith, J. (2008). Security failures in retail: The TJX case. Journal of Cybersecurity, 4(2), 147-159.
Wilson, R. (2020). Corporate accountability in cybersecurity: Legal perspectives. Harvard Law Review, 133(4), 1001-1020.
Yar, M. (2013). Cybercrime and society. Sage Publications.
Zetter, K. (2014). How Target’s breach changed corporate cybersecurity. Wired. Retrieved from https://www.wired.com/2014/12/target-breach-legacy/

« Previous Next »

Hire Dr Jack for Homework & Academic Writing Help

Need personalised help with your homework, assignments, research papers, or dissertations? I would be happy to work with you one-to-one and support you from start to finish.

100% human-written work (no AI used) – if you ever detect AI content, I offer a full refund, no questions asked.
Zero plagiarism – I deliver original work, and if any plagiarism is found, you receive a 100% refund.
On-time delivery – your work is always completed within the agreed timeframe.
Available 24/7 – you can reach out whenever it is convenient for you.
Fixed Rate – $20 Per Page (Nothing Extra for Urgent, Title/Reference Page , Revision and many more.).

To discuss your requirements, please email me at drjack9650@gmail.com . I will respond as soon as possible.