Slashdot Mirror

← Back to Stories (view on slashdot.org)

TJX Breach Began With WEP Crack

Posted by kdawson on from the pwn3d-by-Pringles dept.

An anonymous reader sends us to the Wall Street Journal for a detailed report on what is known to date about the TJX data breach. It seems that the loss of over 45 million credit card numbers and more than 450,000 SSNs, driver's license numbers, and military identifications began with someone using a "telescope-shaped" antenna at a wireless link at a Marshall's near St. Paul, Minnesota in July 2005. The link was encrypted using WEP, which had been known to be broken since 2001. The crackers who got into the TJX central databases are believed to be Romanians or Russians with ties to the Russian mobs. The eventual cost of the TXJ fiasco could exceed $1 billion — not including the numerous lawsuits filed against the retailer.

2 of 164 comments (clear)

  1. Re:Why isn't WEP recalled? by Anonymous Coward · · Score: 0, Flamebait

    uh.. wrong. your analogy is, at best, idiotic. wep is not even in the same galaxy as wpa. wep is a hopelessly flawed and wholly useless protocol, wpa is as secure as it was designed to be. wake up.

  2. Pringles .... by taniwha · · Score: 0, Flamebait

    Next step will be a gross overreaction by the govt and Homeland Security, monitoring of convenience store purchase and the midnight roundups of the owners of pringles resulting in a one way trip to a Cuban internment camp