TJX breach twice the size of earlier estimates


It initially appeared that the TJX breach involved around 48 million credit cards, although the theoretical maximum was as high as 200 million cards. Banks are now finding that the breach was more like 94 million cards. That’s nearly one credit card for every household in the U.S.

VISA and MasterCard have lost tremendous sums of money due to this breach alone. Losses are estimated at $1.04 to $1.28 per card, which translates into a total loss as high as $120 million. But the total cost of the incident will be much higher, close to $1 billion, when counting settlements and lost sales as well as the direct losses cited here.

It is common knowledge that the most likely attack vector was insecure wireless networks using the extremely weak WEP protocol. WEP was known to be weak in 2000, and yet six years later TJX (and thousands of other businesses) were relying upon it to protect their networks. That’s about as effective as a sign reading “Please don’t come in” on an unlocked door.

The Canadian government’s privacy commissioner released a report criticizing TJX for its weak security. The report is succinct in its findings and is good reading if you have not yet read a detailed account of the TJX breach. TJX’s 10-K report is another good source of information.

TJX breach was twice as big as admitted, banks say (The Register)
Banks claim TJX breach twice as bad (ZDNet)
