Between Nov. 27 and Dec. 15 of 2013, Target reported it sustained a breech that consisted of 40,000,000 payment card records by cybercriminals. Not as big as the T. J. Max, Adobe and Sony breeches which surpassed 100,000,000 records, but notable enough to cause a buzz.
Initial reports suggested that printed CVV numbers were collected along with card numbers, expiration dates and other pertinent information, but Target confirmed that was not the case, which significantly reduced the risk of fraudulent on-line purchases.
As part of Target’s ongoing investigation, Target announced last Friday that at least an additional 70 million customers were affected by December’s data breach.
In addition, Target confirmed that hackers had stolen debit and credit card numbers but also full names, addresses, phone numbers, and email addresses from a different data set.
In many ways, this second breach poses more of a threat than the first breach due to the availability of customer’s personally identifiable information.
Target CEO Gregg W. Steinhafel added what many of us in the information security community deduced; malicious software (malware) played a part in the breach and had to have been installed.
Steinfhafel stated “the full extent of what transpired is not yet known, what Target does know is that malware was installed on the company’ point of sale registers. Target is working with law enforcement to try and determine who did it, and when and it was done.”
For this to occur many security experts as well as myself believe a company insider may have installed the malware into a company machine, or worst, tricked into doing through either phishing or social engineering techniques without their knowledge by a cybercriminals to gain access to the company’s point-of-sale systems.
Target has offered some consumer credit assistance, but in addition to that, I offer the following steps:
1) Check your statement.
2) Call your Credit Card Company, bank and Target
3) Replace your credit card, change your PIN
4) Sign up for a fraud monitoring service