The recently reported TJ Maxx security breach—where data on 94 million credit card accounts was stolen in 2003, 2004, and 2006—has ended up costing the company $200 million and counting. But although it’s the biggest example so far of retail data theft, TJ Maxx isn’t the only retailer doing a poor job of keeping sensitive data protected from hackers. One wireless security vendor recently surveyed thousands of stores and discovered that a significant number of retailers don’t practice good wireless security:
According to AirDefense, about 85% of the 2,500 wireless devices that it discovered in retail stores, such as laptops and barcode scanners, were vulnerable to wireless hacks. Out of the 4,748 access points that were monitored for the survey, about 550 had poorly named SSIDs that could give away the store’s identity.
A lot of point-of-sale devices were found left in their default configurations, and out of 3,000 stores, about a quarter of them were using no wireless protection at all, while another quarter were using the easily broken WEP encryption method.
An analyst points out that AirDefense has a business interest in finding and pointing out security holes, but that doesn’t make the findings imaginary. Even the analyst admits it’s a real problem in retail today:
“Wireless security continues to be the major hole that allows criminals access to retailer systems,” she said. “It’s very difficult to lock it down” for retailers.