WLAN security blamed for TJX payment card breach
A new report issued by the Office of the Privacy Commissioner of Canada last week cited Winners Merchant International and its parent company, TJX, for failure to satisfy personal information protection standards during a break-in that compromised 45 million payment cards.
Although other factors contributed to the breach, investigators placed much of the blame squarely on WLAN security. “TJX relied on WEP and failed to convert to WPA within a reasonable period of time,” concludes the report. “The risk of breach was foreseeable... therefore, TJX did not meet the safeguard provisions of either PIPEDA or PIPA.”
[ Read more ]