The Wall Street Journal is reporting that the TJMaxx debacle originated in failing to properly secure a store's wireless network.
If you recall, some 46 million credit card numbers (and unbelievably, driver's license numbers, military identification and Social Security numbers of 451,000 customers) are believed to have been stolen from TJMaxx, Marshalls, Homegoods, and AJ Wright stores over an 18 month period.
Now it is revealed that crooks simply started by picking up store wi-fi signals that were only secured using WEP, well known to be an easily hacked older type of encryption. Since there was evidently no further security measures at the store level, access was gained to the corporate central database. The retailer was also found to have been transmitting credit card transactions without encrypting them, a violation of the Payment Card Industry Data Security Standard.
Estimates place the security breach costing the company $100 per lost record, or a total of $4.5 billion.
Subscribe to:
Post Comments (Atom)
1 comments:
wow, that's hilarious. everyone knows WPA is where it's at now, shit, they coulda even used MAC address filtering... ridiculous.
Post a Comment