How Credit-Card Data Went Out Wireless Door

WSJ ^ | 4 May 2007 | Joseph Pereira

[APRPEH]

The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.

There, investigators now believe, hackers pointed a telescope-shaped antenna toward the store and used a laptop computer to decode data streaming through the air between hand-held price-checking devices, cash registers and the store's computers. That helped them hack into the central database of Marshalls' parent, TJX Cos. in Framingham, Mass., to repeatedly purloin information about customers.

[APRPEH]

subscription needed for remainder...

The ease and scale of the fraud expose how poorly some companies are protecting their customers' data on wireless networks, which transmit data by radio waves that are readily intercepted. The incident also has renewed debate about who should be financially responsible. Banks that issue credit and debit cards so far have borne the brunt of the TJX losses, as opposed to the retailer or the credit-card networks such as Visa or MasterCard. Banks' lobbyists and some legislators have started pushing for laws to make the party that lets the data slip responsible for the costs.

[listenhillary]

Head on Head on

[APRPEH]

The $17.4-billion retailer's wireless network had less security than many people have on their home networks, and for 18 months the company -- which also owns T.J. Maxx, Home Goods and A.J. Wright -- had no idea what was going on. The hackers, who have not been found, downloaded at least 45.7 million credit- and debit-card numbers from about a year's worth of records, the company says. A person familiar with the firm's internal investigation says they may have grabbed as many as 200 million card numbers all told from four years' records.

The TJX hackers also got personal information such as driver's license numbers, military identification and Social Security numbers of 451,000 customers -- data that could be used for identity theft.

[relictele]

I’m sure their IT contractors will come under fire but this is typical of companies who still view computers as they do commodes - something they have to use but aren’t crazy about being in the same room with.

A retail business with nothing but customers’ personal financial data flowing in and out all day long is a very poor choice for wireless. This type of thing happened at a Lowe’s store a couple of years ago also and I’m sure for every person caught at least 20 others are having some degree of success undetected.

Cost-cutting, laziness and misrepresentations have come back to bite them. The PR hacks will issue the usual twaddle about “the security & privacy of customer data is important to us” but obviously not important enough.

[proxy_user]

“....subscription needed for remainder...

Not if you’ve got one of those fancy antennas!

[Publius6961]

BUMP!

[Publius6961]

Banks that issue credit and debit cards so far have borne the brunt of the TJX losses, as opposed to the retailer or the credit-card networks such as Visa or MasterCard. Banks' lobbyists and some legislators have started pushing for laws to make the party that lets the data slip responsible for the costs.

The bankrupcy or near bankrupcy of just one clueless retailer should get other retailers' attention.

Encryption has been a standard and common feature for years, but I'm sure it costs $19.95 more...

[poobear]

Could someone recommend the best Identity Theft Deterrent there is available at this time?

[ThisLittleLightofMine]

Yes....use cash : )

[Keith in Iowa]

>>>Could someone recommend the best Identity Theft Deterrent there is available at this time?

http://www.lifelock.com

[APRPEH]

for yourself, basic good sense. unfortunately, you cannot control the honesty of other people. Please see my profile page for tons and tons of ID theft resources and stats. (after all the shameless Fred Thompson campaigning)

[poobear]

Thank you little light. I just want to try and stop the bleeding from past purchases.

[poobear]

Thanks!

[Still Thinking]

From what I can see of the rest of the pack, shame and campaigning for Thompson are mutually exclusinve.

[APRPEH]

why pay someone for something that takes 90 seconds and is free?

try calling the bureaus for a free fraud alert. yes you need to renew it every 90 days but so what? one call gets three fraud alerts (one at each bureau)

equifax - 888-766-0008
experian - 888-397-3742
trans union - 800-680-7289

review your credit report a few times a year. once free with www.annualcreditreport.com and know that with each fraud alert you are entitled to a free credit report from that bureau, up to 2 times per 12 months. that means 3 free credit reports per credit repository every year.

you may wish to purchase 1 or 2 or 3 credit bureau monitoring if you do not want to pick up the phone to order your free credit report.

finally, in the end, for the most protection, buy a service which provides "full fraud restoration services". not someone who tells YOU what to do, but does the work. not an "advocate" but a hands on expert.