Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.
World Wide Web
Next Generation Data Center Is Here!
Average Rating:
Rate this article:  
Massive Hack Attack on Target: Data Stolen from 40M Cards
Massive Hack Attack on Target: Data Stolen from 40M Cards

By Jennifer LeClaire
December 19, 2013 10:18AM

    Bookmark and Share
It's extremely unlikely that hackers could have installed skimmers in Target stores across the country to steal the data from 40 million credit and debit cards. Most likely, Target’s centralized card processing network was compromised with some sort of malware that stole the track data from the credit and debit cards of 40 million shoppers.
 


Cybercriminals put a bullseye on Target, then hit it. The retailing giant is reporting hackers may have tapped into as many as 40 million accounts of consumers who shopped at its stores between Nov. 27 and Dec. 15.

Target acknowledged the hack on Thursday, calling it “unauthorized access to Target payment card data.” The retailer is recommending consumers review their account statements and credit reports to monitor for fraud. The company was quick to apologize, with “deep regret” for any inconvenience it may cause and assured consumers it takes privacy and security seriously.

“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” the company said in a statement. “Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.”

Heartland Revisited?

We caught up with Aaron Titus, CPO and general counsel at Identity Finder, a sensitive data management solution provider, to get his take on the breach. He told us “track data,” which is the data in question in the Target incident, is extra sensitive data physically stored on a credit card magnetic stripe, in addition to the card number, expiration date and verification code.

“Although skimmers -- physical devices that steal track data from point-of-sale machines in stores -- can collect track data, it is extremely unlikely that hackers could have installed skimmers in Target stores across the country,” he said.

At this point, he continued, it seems most likely that Target’s centralized card processing network was compromised with some sort of malware that stole track data, much like the 2009 Heartland Payment Systems breach.

“Organizations that strictly follow PCI-DSS 2.0, and PCI-DSS 3.0 should be able to prevent most of these sorts of breaches, so I imagine Target has already begun the process of locking down, analyzing, and securing their systems,” Titus said. “The first step to PCI-DSS 2.0 and 3.0 compliance is data sensitive data management through discovery and classification, which can help a company identify broken business processes and technology shortcomings.”

Distinguishing Data

The same mentality that allowed the Target incident to occur is often reflected across many systems, according to Kevin O’Brien, a director of product marketing at CloudLock, a cloud information security company.

From his perspective, a data classification system should be in place that can automatically distinguish between the non-sensitive and sensitive data and ensure that governance and policy enforcement mechanisms are in place to prevent accidental cross-pollination between the relatively accessible non-sensitive data storage systems and the high-security PCI/PII storage systems.

“In the cloud, this means having a deep context-aware security solution that can find and apply intelligent tagging to sensitive or regulated assets, and then building policy and governance models that secure that information, without becoming burdensome for that systems users,” he wrote in a blog post.

“In the same way that Target could have still allowed people to use their cards while limiting what could run or touch the POS terminals, organizations can secure their critically sensitive information without impeding the business or its users,” he said.
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 World Wide Web
1.   Internet.org App to Debut in Zambia
2.   HealthCare.gov's Rollout Probed
3.   Alibaba Mulling Stake in Snapchat
4.   Tor Internet Privacy Service Breached
5.   Amazon Invests $2B To Grow in India


advertisement
OkCupid Experiments with Daters
Unethical without user consent?
Average Rating:
Radical.FM's Freemium Biz Model
Online radio startup asks for donations.
Average Rating:
Alibaba Mulling Stake in Snapchat
May be latest to reach $10B valuation.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
New 'Backoff' Malware Slips Undetected into Retail Systems
'Malicious actors' are using a new variety of malware to access consumer payment data remotely through point-of-sale systems, according to a report from the Department of Homeland Security.
 
IBM Beefs Up Identity Intelligence Security Solutions
Big Blue is betting big on identity intelligence. IBM just acquired a private firm with security software to govern user access to apps and data across cloud and on-premise environments.
 
USB Security Flaw Lets Hackers Hijack PCs
Hackers can use the firmware that controls USB functions to take control of computers, say security experts. That means there may be a new class of attack for which there are no defenses.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.