![\"user-pic\"](\"/css/images/default.gif\")
a worm? I suspect that Paula Rosenblum doesn't know what she's talking about when it comes to technology. The hackers didn't give a rat about how many cards they had access to, only that they had access to them. Whether it was 100, 1 million, or 45 million doesn't make a difference. The amount of abuse of the credit cards was likely very, very low when compared to the credit cards exposed. Hackers don't go after stuff like this to get in the media because as soon as that happens, it means that they can't leach off people's accounts anymore.
Throughout the breach, they had *access to* upwards of 45.7 million cards, but that doesn't mean that they *got* 45.7 million cards. The payment card industry tries to take the most liberal guess possible, since they have to worry about all the cardholders who potentially got their data stolen.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-53106-100x100.png\")
The article only says that the crackers in question had access to the decryption algorithm used by TJX. Access to the algorithm is not at all important, unless your company is run by idiots who think using a s00p3r-s3kr1t proprietary crypto scheme guarantees security. Most of the world's most important crypto algorithms - including 3DES, the (somewhat inadequate) scheme used by every bank in the world - are available to the public. The only thing that counts is the encryption key; if TJX left their crypto keys in an area accessible to malicious intruders, then they deserve to be sued for everything they've got. Encryption - regardless of algorithm - is completely worthless unless the key is kept as secure as possible.