Target Acknowledges Massive Data Breach

Krebs on Security’s Brian Krebs broke the news this week that approximately 40 million Target customers were affected by a data breach at the retailer between November 27, 2013 and December 15, 2013.

Almost all Target locations nationwide appear to be affected, according to Krebs, though the breach didn’t impact online purchases. The data stolen was track data, the information stored on a credit card’s magnetic strip, which can be used to create counterfeit credit cards.

In a statement acknowledging the breach, the company explained, “We began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV.”

A source at a data breach investigation firm told Krebs that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.”

According to Gidi Cohen, CEO of Skybox Security, this was clearly a well-planned attack. “Given the timing — the height of the holiday shopping season — the attackers chose a time period where they could inflict the maximum damage and gain access to a wealth of financial information,” he said.

“If you’re a criminal, mounting an attack on a large retailer like Target at this time of year makes a lot of sense because you’re likely to steal data from a larger number of cards in a shorter period of time than during any other period,” ESET senior security researcher Stephen Cobb said. “There is also a lively underground black market for stolen card details which means the thieves may be able to achieve a quick turnaround on their investment.”

Needless to say, this is going to be expensive for Target. “According to current averages — about $200 per record — the 40 million cards could cost Target upwards of $8 billion or more to deal with this,” Neohapsis principal security consultant Erik Bataller said. “And that doesn’t include the possible impact to the 40 million customers directly.”

And in a recent blog post, Gartner analyst Avivah Litan suggested this may well have been an inside job. “I’m not so sure it was due to a piece of malware inserted remotely by a clever hacker,” she wrote. “I recently heard a couple of high placed secret service officers say that the Heartland Payment Systems breach — the largest breach in history where 130 million payment cards were compromised — was actually executed by Albert Gonzales in a very low tech manner. These agents said Gonzales was working at Heartland as a call center employee and simply walked out with the sensitive payment card data every day on a USB drive. … If we’ve learned anything from the Snowden/NSA and Wikileaks/Bradley Manning affairs, it’s that insiders can cause the most damage because some basic controls are not in place.”

Latest articles

XDR Emerges as a Key Next-Generation Security Tool

Corporate networks are complex, and so is the myriad of cybersecurity solutions that protect them. Trying to manage all the security tools in a...

Best Encryption Tools & Software for 2020

Enterprises can invest in state of the art threat defenses like next-gen firewalls, microsegmentation and zero trust tools, but even the very best tools...

SASE: Securing the Network Edge

Dramatic growth in Internet of Things (IoT) devices and external users have forced IT departments to move storage and processing functions closer to the...

Kaspersky vs. Bitdefender: EDR Solutions Compared

Kaspersky and Bitdefender have very good endpoint security products for both business and consumer users, so they made both our top EDR and top...

Related articles


Please enter your comment!
Please enter your name here