tags: Timeline 2013, Software Data Attacks
November 27, 2013 Target Data Breach Financial information of 40 million shoppers who swiped their cards at Target stores between Nov 27 and Dec 15 2013 was stolen, including not only magnetic stripe information but encrypted PIN data. Malware which bore evidence of origin from Russian hackers had been installed on terminal computers which searched memory for unencrypted data. Later investigation revealed 70 million customers may have had names, mailing addresses, phone and e-mail addresses stolen which is not contained on card stripes, but in corporate databases.
No officials or media have mentioned any link to terrorism or foreign government involvement
References
Wikipedia:
2013 security breach[edit]
On December 18, 2013, security expert Brian Krebs broke news[45] that Target was investigating a major data breach "potentially involving millions of customer credit and debit card records." The report quickly spread across news channels. On December 19, Target confirmed the incident via a press release,[46] revealing that the hack took place between November 27 and December 15, 2013. Target warned that up to 40 million consumer credit and debit cards may have been compromised. Hackers gained access to customer names, card numbers, expiration dates, and CVV security codes of the cards issued by financial institutions. On December 27 Target disclosed that debit card PIN data had also been stolen, albeit in encrypted form, reversing an earlier stance that PIN data was not part of the breach. Target noted that the accessed PIN numbers were encrypted using Triple DES and has stated the PINs remain "safe and secure" due to the encryption.[47] On January 10, 2014, Target disclosed that the names, mailing addresses, phone numbers or email addresses of up to 70 million additional people had also been stolen, bringing the possible number of customers affected up to 110 million.[9]
Target is encouraging customers who shopped at its US stores (online orders were not affected) during the specified timeframe to closely monitor their credit and debit cards for irregular activity. The retailer has also confirmed that it is working with law enforcement, including the United States Secret Service, "to bring those responsible to justice." The data breach has been called the second-largest retail cyber attack in history,[48] and has been compared to the 2009 non-retail Heartland Payment Systemscompromise, which affected 130 million credit cards, and to the 2007 retail TJX Companiescompromise, which affected 90 million people.[49] As an apology to the public, all Target stores in the United States gave retail shoppers a 10% storewide discount for the weekend of December 21–22, 2013. Target has announced plans to offer free credit monitoring to affected customers.[50] Target reported total transactions for the same time last year were down 3-4%, as of December 23, 2013.[51][52]
According to TIME Magazine, a 17-year-old Russian teen was suspected to be the author of the Point of Sale (POS) malware program, "BlackPOS", which was used by others to attack unpatched Windows computers used at Target.[53] The teen denied the allegation.[54] Later, a 23-year-old Russian, Rinat Shabayev, claimed to be the malware author.[54][55]
On January 29, 2014, a Target spokeswoman said that the individual(s) who hacked its customers' data had stolen credentials from a store vendor, but did not elaborate on which vendor or which credentials were taken.[56]
Sources
- ABC News - 1 hour agoBanks and big retailers are locked in a debate over the breach of consumer data that gripped Target Corp. during the holiday season. At issue: ...
- The Providence Journal - 1 day ago
data breach FAQ - Target Corporate
response & resources related to Target's data breach
https://corporate.target.com/.../payment-card-issue....
Target Corporation
target data breach — Krebs on Security
krebsonsecurity.com/tag/target-data-breach/
Brian Krebs
Target fast-tracks new credit card security following data breach ...
www.theverge.com/.../target-fast-tracks-new-credit-card-secu...
The Verge
Target data breach under close investigative scrutiny - USA Today
www.usatoday.com/story/.../target-data-breach.../4421345/
USA Today
After data breach, Target develops high-security credit cards | ZDNet
www.zdnet.com/after-data-breach-target-develops-high-...7 hours ago - Summary: Following a disastrous data breach that resulted in the theft of millions of customer records, Target is working on high-security ...
ZDNet
Cybersecurity experts warn Target data breach only the beginning ...
www.providencejournal.com/.../20140201-c...
The Providence Journal
The Target Data Breach Is Becoming A Nightmare - Forbes
www.forbes.com/.../the-target-data-breach-is-becoming-a-night...
Forbes
Target data breach: Beyond cards? - CNBC.com
www.cnbc.com/id/101328613
CNBC
Target Data Breach Ninjapundit Crime
100 2/4/2014
No comments:
Post a Comment