A troubling update on the Target hack

It was revealed that Target's internal software for detecting malware et al did its job and detected the malware that resulted in the theft of all those cards and information. Alerts were raised in India and North America. And nothing was done about it. And the alerts popped up BEFORE the stolen data was exfiltrated. If they'd acted on the alerts, it's likely that none of the data would have gotten out.

I can imagine the attorneys for Visa and Mastercard are sharpening their knives. It costs card issuers lots of money to remake cards when they've been compromised, and with this proving Target's negligence, they now have a target they can recover costs from.

https://www.schneier.com/blog/archives/2014/03/details_of_the_.html


In other news, Sally Beauty Supply confirmed that they were hacked. It looks like it was probably the same group that did Target, but in an interesting twist the site that was selling all the credit card and customer info was hacked and the user registration databases was posted publicly online, so I'll bet international law enforcement is having a happy day today.

http://krebsonsecurity.com/2014/03/sally-beauty-confirms-card-data-breach/