4 Years After TJX Hack, Payment Industry Sets Security Standards
https://www.wired.com/2009/07/pci/

AuthWallet, LLC Ex. 2003-1
Unified Patents v. AuthWallet, LLC IPR2021-01260
KIM ZETTER
SECURITY
07.17.2009 01:30 PM

Four years after hackers breached TJX's unsecured wireless network and stole information on more than 94 million customers, a standards body for the payment-card industry has finally released guidelines for securing wireless networks.

The Payment Card Industry Security Standards Council released its 33-page report (.pdf) on Thursday. It said the guidelines are the product of a working group composed of more than 40 entities -- banks, network security companies and point-of-sale vendors -- convened after the wireless networks of several companies, including TJX, the parent company of TJ Maxx, Marshalls, Office Max and other outlets, were hacked.

Although the standards are aimed at companies that handle payment-card transactions, the council noted in a statement that "these are requirements that all organizations should have in place to protect their networks from attacks...."

The guidelines address secure implementations for deploying an 802.11 WLAN. They include such obvious steps as regularly scanning the network for unauthorized or rogue access points, and setting up an automated alert and response plan to address any that are found; installing firewalls to isolate wireless networks that process or store payment-card data from networks that don't process card transactions; changing default passwords and settings on wireless devices and firewalls; and using strong authentication and encryption.
In 2007, TJX disclosed that hackers had been inside its network stealing data for at least 18 months before they were discovered. An investigation revealed that the hackers obtained access by sitting in the parking lot of two Marshalls stores in Miami and aiming a powerful antenna at its wireless network. TJX was found to have used a weak and outdated encryption standard to protect the data, among other things.

In 2008, a TJ Maxx employee was fired for posting messages to an online forum disclosing that his employer was still engaging in unsecure network practices a year after the record-setting breach was discovered. He wrote that his managers changed the network log-in protocols to allow employees to log onto company servers using blank passwords. The store server was also run in administrator mode, making it easy for hackers — or store employees — to have escalated privileges on the system once they entered it.
See also:
In Legal First, Data Breach Suit Targets Auditor
TJX Failed to Notice Thieves Moving 80-GBytes of Data on its Network
TJX Fires Employee for Disclosing Security Problems
TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison
Feds Charge 11 in Breaches at TJ Maxx OfficeMax, DSW, Others

Kim Zetter is an award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security. She is writing a book about Stuxnet, a digital weapon that was designed to sabotage Iran's nuclear program.
SENIOR WRITER, WIRED