Wait, just another data breach right? Just another case of credit card information getting in to the wrong hands right?
No.
First, the back story:
Thursday, December 19th Target, one of the biggest retailers in the world, revealed it had been the victim of unauthorized access to its payment card data:
Target today confirmed it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.
...
Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.
At first this story, while quite concerning, left me just nodding my head saying something to the effect of "another data breach". Yes and no. The methods used in this case appear to have been quite new. This is a VERY different case from previous instances and consequently is much more alarming.
This
latest incident … likely involved an attack on Target's point-of-sale (POS)
system, most security experts agreed, meaning that customer information was
probably sent directly from the store's mounted cash registers to the hackers
themselves, probably due to malicious software.
"I
don't know how they did it," James Wester, research director of IDC
Financial Insights…
"That
is what is kind of mystifying at this point," Wester said. "It seems
like from a security standpoint, Target was doing all of the right things, and
somehow this code was put on the POS system, which isn't a normal access point
for hackers."
You knew all along this was going to cost Target considerably.
What is also interesting is the move by some to push for further implementation of EMV protocols in the United States. It is not yet clear this would have helped at all. Furthermore, hacking always looks for the weakest link. There is no way a hacker could have infected all ~1800 Target stores at the Point of Sale without some severe security failure on the back-end. EMV would have no impact at all on such activity.
More on this story as it continues to unfold.
As my colleague said last night "buy Target stock right now, as it tanks. It'll go back up quickly once this passes."
Yeap.
The New York Times has a piece on this as well:
http://www.nytimes.com/2013/12/20/technology/target-stolen-shopper-data
The New York Times has a piece on this as well:
http://www.nytimes.com/2013/12/20/technology/target-stolen-shopper-data
Is any retailer safe from this sort of activity? Maybe not.
http://www.paymentssource.com/news/target-breach-sends-chills-is-any-merchant-safe-even-with-emv
Hope each of you is well prepared for the holiday season. Best wishes.
Happy reading,
J.W. Gant
No comments:
Post a Comment