I have some additional details that were published in Seven Deadliest Wireless Technologies Attacks. According to this publication, one in my personal library, this attack was lead by Albert Gonzalez who was a member of Shadow Crew a group of hackers who were responsible for stealing 100 million credit card numbers and routing the theft through Latvia. As part of his plea agreement he took on August 28, 2009 he helped the US Sccret Service take down 19 other Shadow Crew members. While Mr. Gonzalez was in the custody of the Secret Service he spear-headed the TJX heist. It was done using wardriving techniques while members of his group traversed US 1 along Florida's Atlantic coast. I read that the Wi-Fi they tapped into was associated with locations in Miami, Florida. The networks were set up to link wireless bar-code-reading scanner guns to the stores servers. The guns firmware would not support the far superior WPA encryption and the company was slow to upgrade. Visa was aware of this security risk but gave them a pass and just said that they needed to take action in the future. Corporate e-mail showed that upgrade were delayed as a cost saving measure. Visa a member of the PCI the group charged with over seeing security associated with credit card transactions dropped the ball big time.
In retrospect the cost of upgrading the guns is tiny compared to the estimated 1 billion this will cost TJX over 5 years. Wire less is one of the greatest accomplisments of human achievement but without proper care it could be a disaster.
Haines, B. (2010). Seven Deadliest Wireless Technologies Attacks. Amsterdam: Syngress.