
Target confirms leak of 40mil CC data

wlanboy

Content Contributer
Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores.

Target today confirmed it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.

Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.

Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts.  Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.
A phone call from my sister just raised my attention to this.

Why does no company care about PCI DSS?
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Yikes! Shows that even the big boys can be targeted (har). At least they're working with law enforcement and their financial institutions to get it resolved.

I really like Target, I wish I had one around here.

So did your sister get her CC# stolen or..?
 

drmike

100% Tier-1 Gogent
At least Target notifies their customers. Unlike some VPS companies I shall not name....
Give me some downtime and I'll notify the customers of said VPS companies.   Right at Christmas time too :)

Ho ho ho!
 

drmike

100% Tier-1 Gogent
They figure it out after exposing 40 million accounts?  Too little and too late.

Unsure why they were storing the motherlode in one big pile to be picked at like that. 

Glad I don't partake in Target.  Looks like they just made a huge percentage of the US population potential victims.
 

vRozenSch00n

Active Member
PCI DSS compliance only covers best-practices, but won't stop stupidity.

It seems track data was stolen over the course of a few weeks, suggesting a snooper was installed on the point of sale network. 
In my country a skimmer and blank magnetic cards can be easily bought in computer spare parts shops.
 

wlanboy

Content Contributer
PCI DSS compliance only covers best-practices, but won't stop stupidity.

It seems track data was stolen over the course of a few weeks, suggesting a snooper was installed on the point of sale network. 
But it would help a lot:

[Image: pcidss.jpg]

Short snippet from the link:

There are no indications at this time that the breach affected customers who shopped at Target’s online stores.

The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe.

If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.
 

trewq

Active Member
Verified Provider
"I thought we told you not to use these servers for torrents."


But seriously it's a shame this has happened.
 

tchen

New Member
But it would help a lot:
The PCI-DSS requirements don't address POS equipment other than the cursory 'change the default passwords' and some generic network security/filtering requirements 1-2 meant to contain any breaches on the system level. Requirement 3 (which the screenshot refers to) controls only the long-term storage of partial track data - either in a database or log.

P.S. Target has to be third-party DSS audited yearly given they're a Level 1 merchant.

All around the states?
Reports so far say yes. Or at the very least it's regional.
 

wlanboy

Content Contributer
Next one:

Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards. Neiman Marcus spokesperson Ginger Reeder said the company does not yet know the cause, size or duration of the breach, noting that these are details being sought by a third-party forensics firm which has yet to complete its investigation. But she said there is no evidence that shoppers who purchased from the company’s online stores were affected by this breach.
 

peterw

New Member
Another retailer:

Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.
 