According to the Wall Street Journal, the biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.
There, investigators now believe, hackers pointed a telescope-shaped antenna toward the store and used a laptop computer to decode data streaming through the air between hand-held price-checking devices, cash registers and the store's computers. That helped them hack into the central database of Marshalls' parent, TJX Cos. in Framingham, Mass., to repeatedly purloin information about customers.
More here.
1 comments:
There are a couple of things that make me wonder if all the information could have been stolen this way. First of all, it must have been a pretty extensive war drive.
Based on my experience with point of sale systems, they would only be transmitting sales data from that location. Yet, in this case, information was stolen in three countries on two continents?
Also, although a journalist's right, all the investigators being quoted are anonymous and are using verbiage, like "I believe." This would indicate that war-driving is a deduction, or theory.
Not so long ago, Office Max and Sams Club were allegedly (I say that because no one ever really confirmed it) the point of compromise in another data breach.
After that Dollar Tree was compromised (allegedly by war driving) and more recently PIN Pads have been seen replaced at Stop and Shop on the East Coast and Wendy's in Edmonton.
The recent article points to (another theory) Russian and Romanian gangs, but the only arrests (other than end users of the information) seem to be of individuals of Armenian descent.
Part of the problem is that no one seems to be getting caught, which is where we might learn more about how this is occuring.
There is also a looming battle (civil litigation) about who will bear the costs of all this. This might (also) be influencing some of the theories coming out.
Data breaches are becoming a huge issue and several more have been reported since the now infamous TJX one.
A ongoing chronology of them can be viewed at the Privacy Rights Clearinghouse, or Attrition.org.
One thing in common with most of them is that we really never are informed as to exactly how they occurred, or who was behind them.
A lot of those being compromised, don't really want to say, or they simply have no clue. Your guess is as good as mine.
I'm not disputing the Wall Street Journal article, but until all the facts are disclosed (which never might happen), I plan to keep an open mind. We've seen too many of these breaches become not newsworthy and when you look back at them, not very much is figured out, or at least disclosed.
Breaches are costly and they hurt consumer trust. A lot of organizations (companies) make billions of dollars by using all this personal and financial information. The true solution is to stop exposing so much of the information and making it easy to steal and or use - the ease in which credit is issued (fraudulently) is amazing.
Anyway, enough ranting for now. By the way, nice blog, I'll have to continue to read it!
Post a Comment