Tuesday, May 08, 2007

TJX breach due to badly protected retailer wireless network; lawsuits upcoming

Ian Grigg notes at his Financial Cryptography blog that the hackers in the TJX case did the following:
- sat in a carpark and listened in to a store's wireless net,
- cracked the WEP encryption,
- scarfed up user names and passwords ....
- used that to then access centralised databases to download the CC info.

Now that banks are taking the hit for this careless behaviour, the Massachusetts Bankers Association, a trade group, announced that it is filing a class action lawsuit against retailer TJX over this data breach, as it put more than 45 million credit and debit card holders at risk of having their financial information accessed.

The bankers association, along with the Connecticut Bankers Association and Maine Association of Community Banks, filed the lawsuit in the U.S. District Court in Boston. The three banking associations represent almost 300 banks and are seeking to recover "tens of millions of dollars" in damages, according to the filing.

Interesting to note that for a change it is not the retailers complaining and suing over interchange fees, but the banks suing the retailers for being careless.