However, this story in the WSJ today suggests that was not the case at all. Instead, the privacy commissioners of Canada and the province of Alberta (who jointly conducted a probe), found that:
"TJX was using a weak encryption protocol to protect its consumer data in July 2005, when hackers first broke into its computer system. The protocol, known as Wired Equivalent Privacy, or WEP, isn't recommended by securities experts even for wireless home networks because it is so vulnerable to hackers.While this isn't the only investigation going on inside the company, and it's possible that others will find additional ways past the firm's security systems, at least for now it looks like kiosks were not directly at fault for causing the breach and subsequent theft of up to 45.7 million credit card numbers.
"TJX decided to upgrade to a more secure Wi-Fi Protected Access encryption protocol at the end of September 2005, Canadian officials said. By then, however, hackers had been able to access the company's internal transaction database. They did so initially from outside two stores in Miami, the probe found."
Tags: TJX, kiosks, security