Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Business Intelligence Sales & Marketing More Topics...
Customer Service
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Massive Hack Attack on Target: Data Stolen from 40M Cards
Massive Hack Attack on Target: Data Stolen from 40M Cards

By Jennifer LeClaire
December 19, 2013 10:18AM

Bookmark and Share
It's extremely unlikely that hackers could have installed skimmers in Target stores across the country to steal the data from 40 million credit and debit cards. Most likely, Target’s centralized card processing network was compromised with some sort of malware that stole the track data from the credit and debit cards of 40 million shoppers.
 


Cybercriminals put a bullseye on Target, then hit it. The retailing giant is reporting hackers may have tapped into as many as 40 million accounts of consumers who shopped at its stores between Nov. 27 and Dec. 15.

Target acknowledged the hack on Thursday, calling it “unauthorized access to Target payment card data.” The retailer is recommending consumers review their account statements and credit reports to monitor for fraud. The company was quick to apologize, with “deep regret” for any inconvenience it may cause and assured consumers it takes privacy and security seriously.

“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” the company said in a statement. “Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.”

Heartland Revisited?

We caught up with Aaron Titus, CPO and general counsel at Identity Finder, a sensitive data management solution provider, to get his take on the breach. He told us “track data,” which is the data in question in the Target incident, is extra sensitive data physically stored on a credit card magnetic stripe, in addition to the card number, expiration date and verification code.

“Although skimmers -- physical devices that steal track data from point-of-sale machines in stores -- can collect track data, it is extremely unlikely that hackers could have installed skimmers in Target stores across the country,” he said.

At this point, he continued, it seems most likely that Target’s centralized card processing network was compromised with some sort of malware that stole track data, much like the 2009 Heartland Payment Systems breach.

“Organizations that strictly follow PCI-DSS 2.0, and PCI-DSS 3.0 should be able to prevent most of these sorts of breaches, so I imagine Target has already begun the process of locking down, analyzing, and securing their systems,” Titus said. “The first step to PCI-DSS 2.0 and 3.0 compliance is data sensitive data management through discovery and classification, which can help a company identify broken business processes and technology shortcomings.”

Distinguishing Data

The same mentality that allowed the Target incident to occur is often reflected across many systems, according to Kevin O’Brien, a director of product marketing at CloudLock, a cloud information security company.

From his perspective, a data classification system should be in place that can automatically distinguish between the non-sensitive and sensitive data and ensure that governance and policy enforcement mechanisms are in place to prevent accidental cross-pollination between the relatively accessible non-sensitive data storage systems and the high-security PCI/PII storage systems.

“In the cloud, this means having a deep context-aware security solution that can find and apply intelligent tagging to sensitive or regulated assets, and then building policy and governance models that secure that information, without becoming burdensome for that systems users,” he wrote in a blog post.

“In the same way that Target could have still allowed people to use their cards while limiting what could run or touch the POS terminals, organizations can secure their critically sensitive information without impeding the business or its users,” he said.
 

Tell Us What You Think
Comment:

Name:



Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.


 Customer Service
1.   Bezos Talks Grocery Delivery, Drones
2.   Watson Boosts Customer Engagement
3.   Comcast Customer Service Makeover
4.   High Cost of Great Customer Service
5.   Customers Need Marketing's Attention


advertisement
Watson Boosts Customer Engagement
Future of customer interaction tech?
Average Rating:
Bezos Talks Grocery Delivery, Drones
Amazon's future touted for shareholders.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Verizon Data Breach Report Exposes Top Threats
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
White House Updating Online Privacy Policy
A new Obama administration privacy policy explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites, saying much is in the public domain.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Business Intelligence | Sales & Marketing | Contact Centers | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.