This was a huge theft of data, but not the largest. That honor goes to TJ Maxx, which announced last year that hackers had been stealing information from its network for as long as 18 months. TJ Maxx claims a little more than 45 million records were stolen, though some of the banks involved say it may have been as many as 90 million.
How does something like this happen? Well in TJ Maxx’s case, the branch stores had wireless networks. Some of those networks were unsecured, meaning that anyone could sit in the parking lot with a laptop and access the network. Once the thieves were connected to the store’s network, they were able to connect to the servers at corporate headquarters and download information.
That was TJ Maxx though. At Hannaford, the data was not pulled out of a database, it was stolen “during transmission of card authorization.” You see, data on a network travels similarly to a postcard. When you mail a postcard, you write your message and the address you want the message to go to. As it goes through the postal service, anyone can pick it up and read it.
Sensitive information should be encrypted to prevent it from being read in transmission.
Credit card companies require that information be encrypted when it is sent from the stores to the banks, so it is highly unlikely that anyone accessed the data there. It was mostly likely accessed while the data was traveling, unencrypted, around the store networks.
So how did the hackers gain access to the store networks? I can only guess, but my money is on an unsecured or poorly secured wireless network. Right now the Secret Service is investigating and we aren’t likely to learn the truth for months.
Next time I’ll give you some tips to help you secure your home wireless network and avoid the headaches hackers can cause.
Jeremy Hutchinson, owner of Foreside Technology, assists local businesses with purchasing, configuring and maintaining their computers, servers and networks. You can reach him at jeremy@ForesideTech.com.