Yesterday's U.S. Department of Justice indictment ought to come as a relief to TJX, the Massachusetts-based retailer that's been the corporate whipping boy for slack wireless security for nearly three years.
That's because it's now evident that TJX isn't the only security screwup in retail.
At a top-heavy press conference in Boston, Attorney General Michael Mukasey, with various U.S. Attorneys and the Secret Service, revealed that 11 perps virtually ransacked nine major U.S. retailers, apparently in almost every case by wardriving to snoop on more or less open wireless LANs, and then planting sniffer programs on internal computers to collect credit card and other data. Over 40 million credit card accounts were compromised. Besides TJX, the others named were BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, and DSW. A New York restaurant chain, Dave & Buster's, was another victim named in one of the indictments.
The real victims are, well, us. Even assuming the credit card companies covered the unauthorized withdrawals and purchases made on the purloined card accounts, the credit and debit card companies, and the retailers, are on the hook for Godaloneknows how many millions. Just one alleged conspirator, Maksym Yastremskiy, of the Ukraine, reaped over $11 million from his crimes, according to DOJ.
The indictment doesn't go into details on how these retailers apparently almost invited these attacks: that's certainly the case with TJX, where WLAN security was almost non-existent. And it apparently still is appallingly slack in the retail industry: early this year, wireless security vendor AirDefense reported on its own New York City war drive, which found that one third of the 800 stores scanned had no, zero, zip WLAN security, and another third had only weak protection.
That guarantees plenty of future photo-ops for federal crimefighters, and plenty of future losses and bad press for companies that still don't take wireless security seriously.
Cox is a senior editor at Network World.