WEP blamed for TJX data breach

Filed under Wireless Security

<%image(20071002-wifispy.png|200|265|WiFi Hacker)%>

I am sure all of you have heard about the massive TJX data breach which was detected back in December of 2006. Well it looks like WEP was the root cause for the data breach:

“While such data is typically scrambled, Canadian officials said TJX used an encryption method that was outdated and vulnerable. The investigators said it took TJX two years to convert from Wireless Encryption Protocol to more sophisticated Wi-Fi Protected Access, although many retailers had done so.”

Two years to convert from WEP to WPA may sound like a long time but I am not surprised as these types of upgrades in very large corporations can take even longer then two years. However, it still seems that the selection of systems that didn’t support WPA were the cause for the delay. Keep in mind, with WPA and WPA2 you need to select a long (63 characters if possible) passphrase (if using PSK) to ensure that your key can’t get cracked with a brute force attack.

I wrote an article about properly securing your wireless network last year which explains why it is important to choose a very long, unique WPA-PSK passphrase.

More on the TJX fiasco is here.

Comments are closed.