A Wall St Journal article published today details the probable cause of the TJX credit card scandal I have commented on before. Today’s article confirms my suspicions: the perpetrators probably broke into TJX’s network by hacking into a retail store’s WiFi network in 2005 that was protected with WEP, a wireless protocol that was shown in 2001 to be too weak for commercial use. TJX was slow to adopt the newer WPA protocol (which I have urged people to switch to), must to its detriment as we now know.
As many as 200 MILLION cards may have been taken by the data thieves. Because the intruders left few tracks, and due to IT processes in place at the time, no one will ever know just how many cards were stolen. But so far it looks like 47.5 million is the minimum, and somewhere around 200 million is the theoretical maximum.