Tuesday, February 4, 2014

Target Data Breach

Target Data Breach
tags: Timeline 2013, Software Data Attacks

November 27, 2013 Target Data Breach Financial information of 40 million shoppers who swiped their cards at Target stores between Nov 27 and Dec 15 2013 was stolen, including not only magnetic stripe information but encrypted PIN data. Malware which bore evidence of origin from Russian hackers had been installed on terminal computers which searched memory for unencrypted data. Later investigation revealed 70 million customers may have had names, mailing addresses, phone and e-mail addresses stolen which is not contained on card stripes, but in corporate databases.

No officials or media have mentioned any link to terrorism or foreign government involvement

References



Wikipedia:

2013 security breach[edit]

On December 18, 2013, security expert Brian Krebs broke news[45] that Target was investigating a major data breach "potentially involving millions of customer credit and debit card records." The report quickly spread across news channels. On December 19, Target confirmed the incident via a press release,[46] revealing that the hack took place between November 27 and December 15, 2013. Target warned that up to 40 million consumer credit and debit cards may have been compromised. Hackers gained access to customer names, card numbers, expiration dates, and CVV security codes of the cards issued by financial institutions. On December 27 Target disclosed that debit card PIN data had also been stolen, albeit in encrypted form, reversing an earlier stance that PIN data was not part of the breach. Target noted that the accessed PIN numbers were encrypted using Triple DES and has stated the PINs remain "safe and secure" due to the encryption.[47] On January 10, 2014, Target disclosed that the names, mailing addresses, phone numbers or email addresses of up to 70 million additional people had also been stolen, bringing the possible number of customers affected up to 110 million.[9]
Target is encouraging customers who shopped at its US stores (online orders were not affected) during the specified timeframe to closely monitor their credit and debit cards for irregular activity. The retailer has also confirmed that it is working with law enforcement, including the United States Secret Service, "to bring those responsible to justice." The data breach has been called the second-largest retail cyber attack in history,[48] and has been compared to the 2009 non-retail Heartland Payment Systemscompromise, which affected 130 million credit cards, and to the 2007 retail TJX Companiescompromise, which affected 90 million people.[49] As an apology to the public, all Target stores in the United States gave retail shoppers a 10% storewide discount for the weekend of December 21–22, 2013. Target has announced plans to offer free credit monitoring to affected customers.[50] Target reported total transactions for the same time last year were down 3-4%, as of December 23, 2013.[51][52]
According to TIME Magazine, a 17-year-old Russian teen was suspected to be the author of the Point of Sale (POS) malware program, "BlackPOS", which was used by others to attack unpatched Windows computers used at Target.[53] The teen denied the allegation.[54] Later, a 23-year-old Russian, Rinat Shabayev, claimed to be the malware author.[54][55]
On January 29, 2014, a Target spokeswoman said that the individual(s) who hacked its customers' data had stolen credentials from a store vendor, but did not elaborate on which vendor or which credentials were taken.[56]

Sources
    1. ABC News ‎- 1 hour ago
      Banks and big retailers are locked in a debate over the breach of consumer data that gripped Target Corp. during the holiday season. At issue: ...

  1. data breach FAQ - Target Corporate

    corporate.target.com › about › shopping experience

    Target Corporation
    We truly value our relationship with you, our guests, and know this incident had a significant impact on you. We are sorry. We remain focused on addressing your ...

  2. response & resources related to Target's data breach

    https://corporate.target.com/.../payment-card-issue....

    Target Corporation
    response & resources related to Target's data breach. Visit this page for regular updates and reliable information about our recent data breach, including all ...

  3. target data breach — Krebs on Security

    krebsonsecurity.com/tag/target-data-breach/

    Brian Krebs
    6 days ago - An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into ...

  4. Target fast-tracks new credit card security following data breach ...

    www.theverge.com/.../target-fast-tracks-new-credit-card-secu...

    The Verge
    12 hours ago - Target says it's accelerating a program that will update its retail stores with technology designed to thwart credit card fraud. In an op-ed in The ...

  5. Target data breach under close investigative scrutiny - USA Today

    www.usatoday.com/story/.../target-data-breach.../4421345/

    USA Today
    Jan 13, 2014 - As computer experts peel back the layers of Target's massive data breach, federal and state law enforcement agencies are running parallel ...

  6. After data breachTarget develops high-security credit cards | ZDNet

    www.zdnet.com/after-data-breach-target-develops-high-...

    ZDNet
    7 hours ago - Summary: Following a disastrous data breach that resulted in the theft of millions of customer records, Target is working on high-security ...

  7. Cybersecurity experts warn Target data breach only the beginning ...

    www.providencejournal.com/.../20140201-c...

    The Providence Journal
    2 days ago - Many Americans may have been unaware of the perils of buying with credit cards until the Target breach, and now an FBI report says the worst ...

  8. The Target Data Breach Is Becoming A Nightmare - Forbes

    www.forbes.com/.../the-target-data-breach-is-becoming-a-night...

    Forbes
    Jan 17, 2014 - Over the past month, details about the breadth of the Target data breach have continued to emerge. It's not a pretty story. Bad enough when it ...

  9. Target data breach: Beyond cards? - CNBC.com

    www.cnbc.com/id/101328613

    CNBC
    Jan 11, 2014 - A revelation by Target showed its data breach spanned far wider than expected, raising questions about exactly how such an expansive hack ...


Target Data Breach Ninjapundit Crime
100 2/4/2014

No comments:

Post a Comment