• security,  target

    Target Had Warning of Security Risks

    A new article by The Wall Street Journal says that officials at Target were made aware of the potential security risks that lead to the November 27 – December 18 attack last year.

    “Target Corp.’s computer security staff raised concerns about vulnerabilities in the retailer’s payment card system at least two months before hackers stole 40 million credit and debit card numbers from its servers, people familiar with the matter said.”

    In Target’s defense, the Journal also reports:

    “The sheer volume of warnings that retailers receive makes it hard to know which to take seriously. Target has an extensive cybersecurity intelligence team, which sees numerous threats each week and could prioritize only so many issues at its monthly steering committee meetings, the former employee said.”

    As an IT professional, I find a report like this to be disappointing.  It’s a constant battle between setting business objectives and setting priorities and “good house keeping” such as installing infrastructure and security upgrades and patches.  Sometimes those priorities get muddy.
    As a Target customer who had their personal data stolen in the breach, I’m more than annoyed to learn that the situation was preventable.  It is also my opinion that most of these types of breaches are preventable with frequent software updates.
    I think security breaches, both large and small, along with the ever growing data stockpile that companies are amassing about their customers is a growing concern for customers and IT departments alike.  We all know that our online habits are being tracked and that companies are collecting an amazing amount of personal data about who we are so that this information can be used to either make more money from you with targeted advertising or by selling the collected information to third-parties.
    While I don’t think that personal data collection will go away anytime soon, if ever, I would hope that as a society, we put new laws and limits on what businesses and clearing houses can do with the data they collect about us.
    Click the source link below to read the full article online (login required).
    [Via WSJ.com…]
  • identity theft,  target

    RED Alert:Target Data Breach Impacts 70 Million Customers [Updated]

    More bad news from Target this week.  Remember that data breach affecting about 40 million customers in frenzied shopping period that was the run up to Christmas Day?  Ya, that one.

    Well, it turns out Target sort of low balled the number by 30 million.  Target now says that 70 million customers were impacted by the data breach.  This was confirmed by my bank when I received a letter from them on Wednesday evening because I’m one of the recently unreported 30 million customers.

    “Target Corp.’s holiday data breach was bigger than the company had previously said, penetrating more systems and compromising a new set of personal information affecting up to 70 million people. 

    Target said the information was stored separately from the 40 million credit and debit card accounts that the company had previously said were affected. There was some overlap between the two sets of stolen data, but Target didn’t say how extensive it was. The entry point for the attack has been identified and closed, spokeswoman Molly Snyder said.”

    Well isn’t that nice.  The breach point has been closed.  Sigh.  Guess I’ll be paying cash at Target from now on since I can’t trust them to handle my customer information safely.  Oh, and I’ll be asking my bank for a new credit card too.

    Update

    My very nice bank reissued my credit card, which, as it turned out, arrived Saturday afternoon.  If you haven’t received your replacement credit or debit card, call your back on Monday and get your replacement card issued ASAP.

    [Via WSJ.com…]