TJX intrusion was a WEP (WiFi) hack

Bookmark This (opens in new window)

A Wall St Journal article published today details the probable cause of the TJX credit card scandal I have commented on before. Today’s article confirms my suspicions: the perpetrators probably broke into TJX’s network by hacking into a retail store’s WiFi network in 2005 that was protected with WEP, a wireless protocol that was shown in 2001 to be too weak for commercial use. TJX was slow to adopt the newer WPA protocol (which I have urged people to switch to), must to its detriment as we now know.

As many as 200 MILLION cards may have been taken by the data thieves. Because the intruders left few tracks, and due to IT processes in place at the time, no one will ever know just how many cards were stolen. But so far it looks like 47.5 million is the minimum, and somewhere around 200 million is the theoretical maximum.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.