Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Get Recognized.
Let an ISACA® certification
enhance your career.

Register for an Exam Today
World Wide Web
Real-time info services with Neustar
Average Rating:
Rate this article:  
Massive Hack Attack on Target: Data Stolen from 40M Cards
Massive Hack Attack on Target: Data Stolen from 40M Cards

By Jennifer LeClaire
December 19, 2013 10:18AM

    Bookmark and Share
It's extremely unlikely that hackers could have installed skimmers in Target stores across the country to steal the data from 40 million credit and debit cards. Most likely, Target’s centralized card processing network was compromised with some sort of malware that stole the track data from the credit and debit cards of 40 million shoppers.
 



Cybercriminals put a bullseye on Target, then hit it. The retailing giant is reporting hackers may have tapped into as many as 40 million accounts of consumers who shopped at its stores between Nov. 27 and Dec. 15.

Target acknowledged the hack on Thursday, calling it “unauthorized access to Target payment card data.” The retailer is recommending consumers review their account statements and credit reports to monitor for fraud. The company was quick to apologize, with “deep regret” for any inconvenience it may cause and assured consumers it takes privacy and security seriously.

“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” the company said in a statement. “Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.”

Heartland Revisited?

We caught up with Aaron Titus, CPO and general counsel at Identity Finder, a sensitive data management solution provider, to get his take on the breach. He told us “track data,” which is the data in question in the Target incident, is extra sensitive data physically stored on a credit card magnetic stripe, in addition to the card number, expiration date and verification code.

“Although skimmers -- physical devices that steal track data from point-of-sale machines in stores -- can collect track data, it is extremely unlikely that hackers could have installed skimmers in Target stores across the country,” he said.

At this point, he continued, it seems most likely that Target’s centralized card processing network was compromised with some sort of malware that stole track data, much like the 2009 Heartland Payment Systems breach.

“Organizations that strictly follow PCI-DSS 2.0, and PCI-DSS 3.0 should be able to prevent most of these sorts of breaches, so I imagine Target has already begun the process of locking down, analyzing, and securing their systems,” Titus said. “The first step to PCI-DSS 2.0 and 3.0 compliance is data sensitive data management through discovery and classification, which can help a company identify broken business processes and technology shortcomings.”

Distinguishing Data

The same mentality that allowed the Target incident to occur is often reflected across many systems, according to Kevin O’Brien, a director of product marketing at CloudLock, a cloud information security company.

From his perspective, a data classification system should be in place that can automatically distinguish between the non-sensitive and sensitive data and ensure that governance and policy enforcement mechanisms are in place to prevent accidental cross-pollination between the relatively accessible non-sensitive data storage systems and the high-security PCI/PII storage systems.

“In the cloud, this means having a deep context-aware security solution that can find and apply intelligent tagging to sensitive or regulated assets, and then building policy and governance models that secure that information, without becoming burdensome for that systems users,” he wrote in a blog post.

“In the same way that Target could have still allowed people to use their cards while limiting what could run or touch the POS terminals, organizations can secure their critically sensitive information without impeding the business or its users,” he said.
 

Tell Us What You Think
Comment:

Name:



You have the experience and skills, let an ISACA® certification demonstrate your value. Our certifications announce that you have the expertise and insight to speak with authority. ISACA certification is more than a credential; it's a platform that can elevate your career. Register for an Exam Today.


 World Wide Web
1.   Google, SAP, More Fight Patent Trolls
2.   NY Reaches Price Limit Deal with Uber
3.   Germany Probes New U.S. Spy Case
4.   Facebook Experiment Now a Debate
5.   A Thumbs-Up for NSA Internet Spying


advertisement
Facebook Social Experiment Irks Us
Secretive test was legal, but ethical?
Average Rating:
Google, SAP, More Fight Patent Trolls
Firms want to innovate, not litigate.
Average Rating:
Germany Probes New U.S. Spy Case
Further fraying U.S., Berlin relations.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 
Russian Arrested in Hacking Case Filed in Seattle
The U.S. Secret Service has arrested a Russian man who is accused of hacking store computers to steal thousands of credit card numbers, charging him with bank fraud, identity theft and more.
 

Enterprise Hardware Spotlight
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 
Gartner Sales Study Sees Tablets Up, PCs Down but Recovering
Are PCs on the comeback trail? That depends on how you define "comeback." While tablet sales remain strong, Gartner's latest study found PC shipments aren't dropping as fast as they did last year.
 
Review: Warming Up to Tablets with Keyboard Covers
If you've ever thought tablets with keyboard covers were just a poor excuse for a laptop, think again. Nokia's Lumia 2520 comes with an optional keyboard cover that just may change your mind.
 

Mobile Technology Spotlight
Silent Circle Ends Phone Roaming Charges
Encryption telephone service provider Silent Circle has begun offering international calling plans without global roaming charges, allowing overseas travelers to avoid exorbitant wireless fees.
 
LinkedIn Replaces Contacts App with New 'Connected'
Popular business social site LinkedIn is trying to reinvigorate its mobile side. The company has launched a redesigned app for keeping people connected, replacing its previous Contacts app.
 
Is Apple Dumping iPhones on eBay in Advance of iPhone 6?
Apple reportedly has opened an eBay storefront called Factory Certified that is selling Apple-certified refurbished iPhones for a fraction of what they cost new, with a "final quality inspection by Apple."
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.