Target confirms leak of 40mil CC data

[wlanboy]

Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores.

Target today confirmed it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.

Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.

Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts.  Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.

A phone call from my sister just raised my attention to this.

Why does no company care about PCI DSS?

 

[MannDude]

Yikes! Shows that even the big boys can be targeted (har). At least they're working with law enforcement and their financial institutions to get it resolved.

I really like Target, I wish I had one around here.

So did your sister get her CC# stolen or..?

 

[SkylarM]

At least Target notifies their customers. Unlike some VPS companies I shall not name....

 

[nunim]

Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores.

A phone call from my sister just raised my attention to this.

Why does no company care about PCI DSS?

For once I'm glad to live in Canada, we just got Target , and I've been doing quite a bit of holiday shopping there.

 

[wlanboy]

So did your sister get her CC# stolen or..?

Maybe. She was informed that the bank will send her a new card out of security reasons.

After some small talk and asking the name Target was dropped.

 

[Damian]

My bank cancelled and issued me a new card today because of this.

 

[WebSearchingPro]

Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores.

A phone call from my sister just raised my attention to this.

Why does no company care about PCI DSS?

PCI DSS compliance does not mean hacker proof.

 

[drmike]

At least Target notifies their customers. Unlike some VPS companies I shall not name....

Give me some downtime and I'll notify the customers of said VPS companies.   Right at Christmas time too

Ho ho ho!

 

[drmike]

They figure it out after exposing 40 million accounts?  Too little and too late.

Unsure why they were storing the motherlode in one big pile to be picked at like that. 

Glad I don't partake in Target.  Looks like they just made a huge percentage of the US population potential victims.

 

[SrsX]

I suspect that the database is floating around somewhere, I'll see if I can dig it up.

 

[tchen]

Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores.

A phone call from my sister just raised my attention to this.

Why does no company care about PCI DSS?

PCI DSS compliance only covers best-practices, but won't stop stupidity.

It seems track data was stolen over the course of a few weeks, suggesting a snooper was installed on the point of sale network. 

 

[tchen]

I suspect that the database is floating around somewhere, I'll see if I can dig it up.

Please don't post it here.  This isn't HF.

 

[vRozenSch00n]

PCI DSS compliance only covers best-practices, but won't stop stupidity.

It seems track data was stolen over the course of a few weeks, suggesting a snooper was installed on the point of sale network. 

In my country a skimmer and blank magnetic cards can be easily bought in computer spare parts shops.

 

[wlanboy]

PCI DSS compliance only covers best-practices, but won't stop stupidity.

It seems track data was stolen over the course of a few weeks, suggesting a snooper was installed on the point of sale network. 

But it would help alot:



Short snipplet from the link:

There are no indications at this time that the breach affected customers who shopped at Target’s online stores.

The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe.

If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.

 

[trewq]

"I thought we told you not to use these servers for torrents."


But seriously it's a shame this has happened.

 

[peterw]

It seems track data was stolen over the course of a few weeks, suggesting a snooper was installed on the point of sale network. 

All around the states?

Unsure why they were storing the motherlode in one big pile to be picked at like that.

Me too.

 

[drmike]

I suspect that the database is floating around somewhere, I'll see if I can dig it up.

Yeah no posting it here... it won't fit in the post form

 

[tchen]

But it would help alot:

The PCI-DSS requirements don't address POS equipment other than the cursory 'change the default passwords' and some generic network security/filtering requirements 1-2 meant to contain any breaches on the system level.  Requirement 3 (from which the screenshot refers to), controls only the long term storage of partial track data - either in a database or log.

P.S. Target has to be third-party DSS audited yearly given they're a Level 1 merchant.

All around the states?

Reports so far says yes.  Or at the very least it's regional.

 

[wlanboy]

Next one:

Responding to inquiries about a possible data breach involving
customer credit and debit card information, upscale retailer
Neiman Marcus acknowledged today that it is working with
the U.S. Secret Service to investigate a hacker break-in that
has exposed an unknown number of customer cards.

Neiman Marcus spokesperson Ginger Reeder said the company
does not yet know the cause, size or duration of the breach, noting
that these are details being sought by a third-party forensics firm
which has yet to complete its investigation. But she said there is
no evidence that shoppers who purchased from the company’s
online stores were affected by this breach.

 

[peterw]

Another retailer:

Multiple sources in the banking industry say they are tracking a pattern of
fraud on cards that were all recently used at Michaels Stores Inc., an Irving,
Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.