Features
2. Hackers taking it to the TK Maxx
Gaffe rating: 878
Until last year, the most disturbing things you'd find in TK Maxx were a pair of novelty "kiss me quick" boxer shorts and a Saturday lad with an acne problem. But hackers found something more alarming on probing the company's servers.
The world's biggest theft of credit card data started in July 2005, and continued for an amazing 18 months. TJX, the US-based parent company of TK Maxx, had its systems breached by a hacker - and when the breach was finally discovered in December 2006, 45.7 million credit and debit card details had been stolen. Investigators believe the breach started with the hackers using a telescope antenna and a laptop to intercept data on a wireless network
|
|
|
ADVERTISEMENT |
|
Reports published by The Wall Street Journal said a failure to use firewalls and install software patches didn't help either, nor did disregarding the Payment Card Industry Data Security Standard framework on storing financial transaction data for longer than is strictly necessary. You might expect data to be stored until a transaction has cleared, but not dating back years. But then you might also expect wireless networks handling transactional data to be secured with something more robust than the basic WEP protocol when the stronger WPA option has been available for so long.
The moral of this story? Always have levels of security appropriate to the value of the data you're meant to be protecting. Unlike TK Maxx, which was using the electronic equivalent of Ronnie Corbett as a bouncer.
|
Read comments: 0
|
