Uploaded by

Anthony Wilson
TJX SECURITY BREACH

The TJX data heist scandal is perhaps the most visible example of the risks of data interception from a wireless network. According to Pereira (2007), an organized group of hackers penetrated the 802.11 wireless point of sale network system in a St. Paul, Minnesota, Marshalls department store in 2005. Over the next two years thieves stole between 40 and 200 million credit card numbers – the exact scale of the disaster has not yet been established (Pereira, 2007). In addition to credit card records, the hackers compromised an unknown number of personal identification records including driver's licenses and social security numbers (Pereira, 2007). A 2007 Canadian report by the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of Alberta placed the blame for the data breach squarely on TJX's use of the Wired Equivalent Privacy (WEP) protocol encryption standard (“Report of an Investigation into the Security, Collection and Retention of Personal Information, TJX Companies Inc. /Winners Merchant International L.P.”, 2007). After compromising the WEP encryption algorithm (discussed in Appendix G) used by the Marshalls store, the attackers gained access to a back room server that stored unencrypted customer data (Sicker, 2007). The attackers were able to delete log files, optimize the network to better support their fraudulent activities, and leave encrypted messages for one another that served as to-do lists for future theft (Sicker, 2007). Ultimately, the attackers used the compromised St. Paul local area network as a jumping-off point for attacks across the TJX corporate network (Sicker, 2007).

Although there has been little to no academic analysis of the TJX attack (the Canadian report referenced above seems to be the only official documentation released to date), there has been a staggering amount of press and publicity focused on the incident. The Wall Street Journal, New York Times, The Boston Globe, and many other print and online news organizations have reported on this story. In fact, Abelson (2007) reported that TJX itself, in response to the stories, ran “[…] full-page advertisements in several New England newspapers” explaining the breach to consumers and shareholders. A Google search of the terms “TJX security breach” returned over 50,000 hits. A February 2008 visit to the www.tjx.com website revealed an “Important Customer Alert” link prominently displayed in the middle of the webpage that provides a letter from TJX President and CEO Carol Meyrowitz and other consumer safety information, a year after first reporting the incident.

Estimates placed the total cost resulting from the disaster at between $500 million and $1 billion (Vijayan, 2007; Ou, 2005). The Canadian privacy report revealed that, at the time of the network penetration, TJX knew that WEP was vulnerable and was actually in the process of upgrading to the more robust Wi-Fi Protected Access (WPA) encryption protocol (“Report of an Investigation into the Security, Collection and Retention of Personal Information, TJX Companies Inc. /Winners Merchant International L.P.”, 2007). Unfortunately, it did not happen in time.

What is particularly disturbing about the TJX incident is that it occurred several years after a similar incident took place involving the electronics retailer Best Buy around May 2002 (Brewin & Verton, 2002). According to a May 6, 2002, Computerworld article, Best Buy used an unsecure wireless point of sale system to supplement its permanent cash register fleet during peak customer traffic (Brewin & Verton, 2002). An anonymous hacker discovered the vulnerability and posted his findings to an internet mailing list (Brewin & Verton, 2002). Shortly thereafter, according to the article, “Spokeswoman Jennifer Bohuslavsky […]” confirmed that “[…] Best Buy on May 1 deactivated its 'wireless temporary cash registers,' which transmit information via a wireless LAN connection” (Brewin & Verton, 2002).
