TJMaxx computer system intruders who stole 45.7 million credit cards siphoned off customer data using a program they implanted on the company’s servers, recent regulatory filings reveal.
The worm operated undetected for at least 18 months, capturing credit card numbers, then changing timelogs and moving data around to erase its tracks.
Initial speculation suggested that the thieves had access to the retailer’s encryption key. Now it may be that the program captured data before it was encrypted.
If the latter, the ramifications are immense, as it means every single retailer’s credit card processing system is at risk. — BEN POPKEN
TJX Intruder Had Retailer’s Encryption Key [eWeek] (Thanks to Brandon!)