Tech Time Warp: TJX hack exposes the depth to which consumer data is at risk

These days, one expects to be notified one or two times a year about potential exposure in a data breach. Nineteen years ago, that wasn’t as commonplace—and we were learning just how widespread the problem could be.

In January 2007, the TJX Companies Inc.—the company behind TJ Maxx, Marshalls, and HomeGoods, among other retailers—announced it had “suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions.” This sentence was just the tip of the iceberg, and when all was said and done, it was determined there had been potential losses of approximately $21 billion and at least 45 million credit and debit card numbers stolen, with some estimates doubling that number. The case tipped off authorities to a major international hacking ring led by Albert Gonzalez. The ring targeted not only TJX but also 7-Eleven, Barnes & Noble, OfficeMax, and more, and its unraveling led the Payment Card Industry (PCI) Security Standards Council to issue new guidelines for wireless network security aimed at protecting consumer data.

An August 2008 indictment revealed the hackers drove by retailers searching for unsecured wireless networks, a practice called “wardriving.” They would hack into these networks to install “sniffer” programs that captured consumer data, which was then encrypted on servers in the U.S. and Eastern Europe. They sold some of the data.

Gonzalez was not unknown to the authorities. The Secret Service had arrested him in 2003 for access device fraud (the case was unrelated). But he was also working as a confidential informant for the agency.

Gonzalez eventually pled guilty to 19 counts of conspiracy; computer, wire, and access device fraud; and aggravated identity theft.


Photo: JHVEPhoto / Shutterstock

This post originally appeared on Smarter MSP.
