Risk: Informational
TJX recently revealed that over 45 million of its customers' card details had been stolen but wasn't sure how - until now; a wireless flaw permitted the attackers to penetrate security and steal the card details. The story was covered in April's ISN (http://www.nta-monitor.com/posts/2007/04/08-over_45_million_tk_maxx_customers_credit_card_details_stolen.html) and has been very widely publicised throughout the world.
TJX 'secured' its wireless LAN using WEP, a notoriously weak encryption method. Those who stole customers' data allegedly did so by cracking stores' cash register and computer data transmitted using WEP and subsequently hacking into the corporate database.
The enormity of the fraud, which is the biggest known credit and debit card theft, is examined in detail by the Wall Street Journal at: