Retailers Targeted for Identity Theft

"Attention shoppers - we have a sale on bedding going on in section 3, and while you're checking out, your credit card information may be conveniently handed over to a hacker who eavesdrops on our network." While not quite the message retailers may want you to hear, this message should be placed on the doors of every store as a warning to their customers. The year 2007 was a banner year for identity theft from retail transactions, from information gleaned from news source Attrition.org.

This past year saw a massive spike in criminals stealing personal information. From an estimated 20 million in 2006 - to over 100 million in 2007. Most of that jump can be attributed to a single source - retail transaction records being either intercepted, or snooped while the transactions happen.

It was revealed in January that somewhere between 45.6 million and 94 million credit card numbers were stolen when blackhat hackers wormed their way into the wireless transaction network of TJX companies, which operate the TJ Maxx and Marshall chain of stores. The huge variation in the number comes from two different sources - the low end estimated by TJX, and the big number, nearly a third of all Americans, from the banks and their credit card operators.

In February, hackers managed to place the equivalent of electronic bugs in the card swiping machines at Stop & Shop Supermarkets, and stole an unknown number of credit card numbers before the leak was found and the gates slammed in their face by the retailer that operates 385 supermarkets around the country. Who received this information is still unknown.

Stop & Shop was not the only grocer whose card readers were hijacked. The massive Albertson's chain saw stores in the San Francisco bay area hit, with thefts going on for at least three months before the hole was discovered and their card readers replaced in over 250 stores.

Ticketmaster was also a target of hackers last year, with its European division Kartenhaus hacked and an estimated 66,000 transaction details stolen between October 2006 and September 2007 when the breach was discovered.

Online retailer Art.com was also the subject of a hack that was reported in October. Credit and transaction details from July through September 2007 were reported stolen.

Industry experts told CNN that the primary problem is that retailers are being reactive, rather than proactive, in closing security holes in their networks - and that more and more hacks via eavesdropping are likely as retailers switch to encrypted wireless transmission of data.

Jay Tumas, the head of Harvard University's network operations, told attendees at a recent conference that retailers need to increase their vigilance, as eavesdroppers on these types of transactions rapidly learn how to bypass this type of security, usually within one or two years.