Wireless Encryption faulted in TJX hacking

Hackers stole millions of credit card numbers from discount retailer TJX Cos. by intercepting wireless transfers of customer information at two Miami-area Marshalls stores, according to an eight-month investigation by the Canadian government.

The probe led by Canadian Privacy Commissioner Jennifer Stoddart faulted TJX for failing to upgrade its data encryption system by the time the electronic eavesdropping began in July 2005. The break-in ultimately gave hackers undetected access to TJX's central databases for a year and a half, exposing at least 45 million credit and debit cards to potential fraud.

"The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it — putting the privacy of millions of its customers at risk," said Stoddart, who serves as an ombudsman and advocate to protect Canadians' privacy rights. She announced the findings at an information security conference in Montreal on Tuesday.