Criminals who systematically stole some 45 million customer details from the financial systems of US retailer TJX, parent of UK chain TK Maxx, reportedly gained access through its wireless local area network (LAN).
The attacks, which took place from the second half of 2005 and throughout 2006, were only discovered a few months ago, prompting the company to issue an apology and warning to its customers around the world.
The reports, in the Wall Street Journal, say the company was using wired equivalent privacy (WEP) encryption measures to secure the wireless LAN of one of its US stores, which was used to transmit point-of-sale data. The hacker broke in and collected authorisation usernames and passwords to the company’s central databases to gain access to sensitive customer data.
Once in, the hackers reportedly established their own accounts within TJX databases to collect and copy transaction data as it was stored.
The costs of the breach continue to mount for TJX, as its banks are suing for lost business and the cost of covering fraudulent transactions, replacing cards and establishing new account details. Some estimates put the cost in the region of $1 billion (£502.5m).
TJX did not respond to requests for comment on the reports.