Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Business Intelligence Sales & Marketing More Topics...
APC Free White Paper
Optimize your network investment &
Enter to win a Samsung Galaxy Note

www.apc.com
Computing
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Massive Hack Attack on Target: Data Stolen from 40M Cards
Massive Hack Attack on Target: Data Stolen from 40M Cards

By Jennifer LeClaire
December 19, 2013 10:18AM

Bookmark and Share
It's extremely unlikely that hackers could have installed skimmers in Target stores across the country to steal the data from 40 million credit and debit cards. Most likely, Target’s centralized card processing network was compromised with some sort of malware that stole the track data from the credit and debit cards of 40 million shoppers.
 


Cybercriminals put a bullseye on Target, then hit it. The retailing giant is reporting hackers may have tapped into as many as 40 million accounts of consumers who shopped at its stores between Nov. 27 and Dec. 15.

Target acknowledged the hack on Thursday, calling it “unauthorized access to Target payment card data.” The retailer is recommending consumers review their account statements and credit reports to monitor for fraud. The company was quick to apologize, with “deep regret” for any inconvenience it may cause and assured consumers it takes privacy and security seriously.

“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” the company said in a statement. “Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.”

Heartland Revisited?

We caught up with Aaron Titus, CPO and general counsel at Identity Finder, a sensitive data management solution provider, to get his take on the breach. He told us “track data,” which is the data in question in the Target incident, is extra sensitive data physically stored on a credit card magnetic stripe, in addition to the card number, expiration date and verification code.

“Although skimmers -- physical devices that steal track data from point-of-sale machines in stores -- can collect track data, it is extremely unlikely that hackers could have installed skimmers in Target stores across the country,” he said.

At this point, he continued, it seems most likely that Target’s centralized card processing network was compromised with some sort of malware that stole track data, much like the 2009 Heartland Payment Systems breach.

“Organizations that strictly follow PCI-DSS 2.0, and PCI-DSS 3.0 should be able to prevent most of these sorts of breaches, so I imagine Target has already begun the process of locking down, analyzing, and securing their systems,” Titus said. “The first step to PCI-DSS 2.0 and 3.0 compliance is data sensitive data management through discovery and classification, which can help a company identify broken business processes and technology shortcomings.”

Distinguishing Data

The same mentality that allowed the Target incident to occur is often reflected across many systems, according to Kevin O’Brien, a director of product marketing at CloudLock, a cloud information security company.

From his perspective, a data classification system should be in place that can automatically distinguish between the non-sensitive and sensitive data and ensure that governance and policy enforcement mechanisms are in place to prevent accidental cross-pollination between the relatively accessible non-sensitive data storage systems and the high-security PCI/PII storage systems.

“In the cloud, this means having a deep context-aware security solution that can find and apply intelligent tagging to sensitive or regulated assets, and then building policy and governance models that secure that information, without becoming burdensome for that systems users,” he wrote in a blog post.

“In the same way that Target could have still allowed people to use their cards while limiting what could run or touch the POS terminals, organizations can secure their critically sensitive information without impeding the business or its users,” he said.
 

Tell Us What You Think
Comment:

Name:



Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.


 Computing
1.   IBM Adds Disaster Recovery to SoftLayer
2.   Mark Hurd's 5 Keys to Market Success
3.   How To Beat the Heartbleed Bug
4.   OpenSSL Calls for More Support
5.   VMware Rolls Out DR-as-a-Service


advertisement
Don't Reset Passwords for Heartbleed?
Added caution needed to ensure security.
Average Rating:
Last Fixes Tuesday for XP, Office 2003
Microsoft closing out support for two.
Average Rating:
Tech 101: What Is Open Source?
Foundation of countless applications.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
IBM Offers Security, Disaster Recovery as SoftLayer Service
New disaster recovery and security services for SoftLayer clients are being added by IBM. Big Blue said the new capabilities will speed cloud adoption by alleviating concern over business continuity.
 
How To Beat the Heartbleed Bug
Heartbleed headlines continue as IT admins scramble for answers no one has. Early reports of stolen personal data, including 900 social insurance numbers in Canada, are starting to trickle in.
 
After Heartbleed, OpenSSL Calls for More Support
The president of the OpenSSL Foundation says more support is needed from companies and governments that use its software so that it can better spot and fix flawed pieces of code such as Heartbleed.
 

Enterprise Hardware Spotlight
Vaio Fit 11A Battery Danger Forces Recall by Sony
Using a Sony Vaio Fit 11A laptop? It's time to send it back to Sony. In fact, Sony is encouraging people to stop using the laptop after several reports of its Panasonic battery overheating.
 
Continued Drop in Global PC Shipments Slows
Worldwide shipments of PCs fell during the first three months of the year, but the global slump in PC demand may be easing, with a considerable slowdown from last year's drops.
 
Google Glass Finds a Home in Medical Education, Practice
Google Glass may find its first markets in verticals in which hands-free access to data is a boon. Medicine is among the most prominent of those, as seen in a number of Glass experiments under way.
 

Mobile Technology Spotlight
Amazon 3D Smartphone Pics Leaked
E-commerce giant Amazon is reportedly set to launch a smartphone after years of development. Photos of the phone, which may feature a unique 3D interface, were leaked by tech pub BGR.
 
Zebra Tech Buys Motorola Enterprise for $3.45B
Weeks after Lenovo bought Motorola Mobility’s assets from Google for $2.91 million, Zebra Technologies is throwing down $3.45 billion for Motorola’s Enterprise business in an all-cash deal.
 
CTIA Caves, Volunteers Kill Switch Plan
After bucking against the concept of a smartphone kill switch, the CTIA just announced the “Smartphone Anti-Theft Voluntary Commitment” to thwart smartphone thefts in the U.S.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Business Intelligence | Sales & Marketing | Contact Centers | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.