The infamous TJ Maxx data breach cut parent company TJX’s profits by more than half. The total bill for the breach? $256 million. [Boston Globe]




  2. lowlight69 says:

    wireless security is such an “interesting” thing these days.

    when i was working on the wireless networking team for a BIG company in the Seattle area we had a survey of CTOs around the country, they were asked a bunch of security questions. the one that i love was, “what is 802.1x” the number 1 answer from CTOs: “that is a generic term for all wireless protocols”

    for the non-techies here, 802.1x is a security protocol used for authentication, originally for wireless but can be used with wired networks as well.

    these are the people that are supposed to be in charge of all their company’s technology and they were/are totally lost….

    maybe this will get TJX and others to actually do something about their security….

  3. hoo_foot says:

    Good–maybe this will scare businesses into taking better security measures.

  4. Citibank c-blocked my card yesterday. They wouldn’t allow me to log in to pay my balance. They said it was because of a “security breach,” and that I would receive a new card in 7-10 days. I told them that it didn’t matter whether or not I had a card, as I’m not using it, but it DOES matter that I can pay my bill on time! Grrr!

  5. Buran says:

    They should have thought about that before they made it possible for someone to break into their network.

  6. Buran says:

    @lowlight69: Not quite. It’s the network standard itself, like Ethernet.

    Optionally there are several encryption schemes that can be used to secure data travelling over this type of link. You can use no encryption, or you can use low-security and high-security “wired equivalent privacy” encryption (totally false advertising there, as that encryption standard has been totally broken) or you can use the still-secure WPA (Wi-Fi Protected Access).

    These people were ignorant (of the issues) enough to use either no encryption or the broken WEP.

  7. Buran says:

    @loquaciousmusic: Of course they didn’t care — if you can’t pay on time, now they can charge you a late fee! Or worse.

  8. Chicago7 says:

    I LOVE TJMAXX, but I always pay with cash!

  9. tobashadow says:

    WEP is better than nothing tho.

  10. Havok154 says:

    And a gunshot to the head is better than a gunshot to the stomach.

  11. Havok154 says:

    In terms of ways to die…kinda forgot to add that part. =)

  12. lowlight69 says:

    no, it is not like ethernet, you still use ethernet when you have 802.1x in place.

    think RADIUS, it’s more equivalent to that.


    regardless, they were not doing anything even remotely like they should have been.

  13. pestie says:

    @tobashadow: WEP will slow down an attacker by literally tens of minutes!

    I suppose technically you’re right – WEP is better than absolutely no security at all – but it really is easier to crack than a cheap whore on a Saturday night. Even with 802.11b speeds and a Pentium 166 laptop from the late triassic period, I’ve cracked WEP keys (which I was authorized to crack – I’m not a criminal) in less than half an hour, and that counts the time needed to gather enough packets.