Guest Posted December 19, 2013 Share Posted December 19, 2013 Target has confirmed that data from about 40 million credit and debit cards was stolen at its stores between Nov. 27 and Dec. 15. View the full article Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 19, 2013 Share Posted December 19, 2013 Wow! Quite the penalty for all the trouble to attend a Black Friday event? Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 19, 2013 Share Posted December 19, 2013 The statement from the retailer Thursday follows reports that thieves had accessed data stored on the magnetic stripe on the back of credit and debit cards during the Black Friday weekend through card swiping machines that could have been tampered with at the retailer's stores, a practice known as card skimming. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted December 19, 2013 Share Posted December 19, 2013 Modern technology has its weaknesses, it seems. I didn't do any shopping at Target. Actually, I probably haven't even walked into a Target since sometime around 1998, I think. Not that I have anything against Target. It's just that Kmart, Walmart, Family Dollar, and Dollar General are all more conveniently located to me. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 19, 2013 Share Posted December 19, 2013 Target is close enough but I don't go during any Black Friday events in person. If I can't get it online, forget it. Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 20, 2013 Share Posted December 20, 2013 Isn't that a simplistic response? Sure there are software holes, but these sites are not being hacked all using the same method. They are exploiting various methods and holes, some known, some unknown. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 20, 2013 Share Posted December 20, 2013 This is not sites being hacked. This is in person man in the middle attacks that should never work! They are getting CC stripes swipes! Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 20, 2013 Share Posted December 20, 2013 My understanding a payment processing server was compromised, and it was not the POS terminals themselves...... Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 20, 2013 Share Posted December 20, 2013 (edited) From the article: The statement from the retailer Thursday follows reports that thieves had accessed data stored on the magnetic stripe on the back of credit and debit cards during the Black Friday weekend through card swiping machines that could have been tampered with at the retailer's stores, a practice known as card skimming. The data could have been used to create counterfeit cards that could even be used to withdraw money at an ATM, according to the reports. The card information that may have been compromised includes the name of the customer, credit or debit card number, the cards expiration date and the three-digit CVV security code, Target said in a note to customers. Shoppers at its online store Target.com or at physical stores outside the U.S were not affected, it added. Edited December 20, 2013 by LilBambi Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 20, 2013 Share Posted December 20, 2013 Putting enough skimmers out there to capture 40 million cards? I find that at least improbable. http://www.reuters.com/article/2013/12/19/us-target-breach-idUSBRE9BH1GX20131219 Investigators are still trying to understand how the attack was carried out, including whether hackers found a weakness at Target's own computer network or through credit card services vendors. It was not immediately clear what percent of the transactions at its brick and mortar stores had been compromised but the company said its online business had not been affected. http://bits.blogs.nytimes.com/2013/12/18/target-looking-into-security-breach/ Point-of-sale systems have become a major target for cybercriminals in recent years. To pull it off, security experts said a company insider could have inserted malware into a company machine, or persuaded an unsuspecting employee to click on a malicious link that downloaded malware that gives cybercriminals a foothold into a company’s point-of-sale systems. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 20, 2013 Share Posted December 20, 2013 Yep, it's all very interesting and upsetting for those whose stripe swipes were taken! Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 20, 2013 Share Posted December 20, 2013 Good that fraudulent charges are covered under the cardholder's agreement... It's a hassle to get a new card, but better than having to pay several hundred dollars for something that is not your fault. Adam Quote Link to comment Share on other sites More sharing options...
mac Posted December 21, 2013 Share Posted December 21, 2013 Good that fraudulent charges are covered under the cardholder's agreement... It's a hassle to get a new card, but better than having to pay several hundred dollars for something that is not your fault. Adam On Credit Cards, yes you're protected. On Debit Cards, not necessarily in most cases! Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted December 21, 2013 Share Posted December 21, 2013 Very true, mac! Debit Cards are almost never protected like Credit Cards are and it's a disgrace! Quote Link to comment Share on other sites More sharing options...
Corrine Posted March 13, 2014 Share Posted March 13, 2014 Target Missed Alarms in Epic Hack of Credit Card Data - Businessweek It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified. On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then … Nothing happened. More at the source. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 13, 2014 Share Posted March 13, 2014 Thanks Corrine ... quite the story... Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 13, 2014 Share Posted March 13, 2014 Just listened to the entire story ... what a total mess and could have been totally been prevented. So sad. Quote Link to comment Share on other sites More sharing options...
crp Posted March 14, 2014 Share Posted March 14, 2014 #1: I still find it pathetic that POS attached to the world wide web #2: no explanation as to why the automatic cut off routines were disabled, ie: what was the cost of a false positive? #3: Who decided not to respond in any way , shape, manner or form to the alerts? Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 14, 2014 Share Posted March 14, 2014 #3: Who decided not to respond in any way , shape, manner or form to the alerts? No one knows as they were all asleep at the time. Quote Link to comment Share on other sites More sharing options...
ross549 Posted March 14, 2014 Share Posted March 14, 2014 I was thinking slow moving bureaucratic wheels in this case. Also, I bet they have many network incidents that have to be dealt with, and the "powers that be" must deliberate on wether it is something they should publicly disclose or not. I bet those discussions/arguments took place a few days after the breach was discovered. Adam Quote Link to comment Share on other sites More sharing options...
ebrke Posted March 15, 2014 Share Posted March 15, 2014 I was thinking slow moving bureaucratic wheels in this case. Seems the manager of security operations had resigned in Oct and hadn't yet been replaced when this mess occurred. Still, you'd think someone else would have had the authority to take action on those alerts from FireEye. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.