The WSJ has reported that the hackers who made off with the credit and debit card details of 45 million shoppers at TJX, initially breached the firm’s perimeter defences through an insecure wireless network. TJX has yet to confirm the report, but according
to the WSJ, opportunistic hackers used a laptop and an antenna to intercept data moving wirelessly between hand-held price checking units and store computers and cash registers at a Marshall’s clothing store in Minnesota. The data they got from this enabled
them to crash the central database of parent company TJX.
It seems that the compromised wireless network was ‘protected’ using WEP (Wired Equivalent Privacy) encryption, one of the weakest forms of Wi-Fi security that can be cracked in as little as three seconds.
Given the proliferation of wireless access points to financial institutions, it might be an appropriate moment to dust off those old WiFi security policies and triple-check defences. A break-in on the TJX scale would be enough to finish off any bank.