thewayne: (Cyranose)
So today I got the email from Target saying my information might have been compromised. As my last purchase at Target was long before November, I'm not too concerned about my credit card info being stolen. I don't recall having ever applied for a Target card, nor registering on the Target web site. I also searched my email for target.com and found that I never directly received an email from them, so I'm wondering how they got my email. I imagine that it might have gotten spawned from someone like GE Capital Services, but I don't know for certain. Still, if they're willing to pay to monitor my nonexistent income and credit for a year, why not.

The hack that got the credit card data was interesting. It was malware that sat on their POS terminals that nabbed the credit card number, and apparently the PIN, before it was encrypted and sent it all to an FTP server in the US that then sent it to Russia

Here's a couple more articles from Wired about it:

This one talking about how it happened again after they were hacked in 2005. Basically during the TJ Maxx hackathon companies were certified as having proper credit card security WHILE the hackers were active in the system. An audit after the hack was revealed showed they were non-compliant, is this a case of hindsight being 20/20?
http://www.wired.com/threatlevel/2014/01/target-hack/

This article talks about the specific malware, which you can buy for $1800-2300. Pretty good return on your money.
http://www.wired.com/threatlevel/2014/01/target-malware-identified/
thewayne: (Cyranose)
Interesting article that expands on some of the recent hacks, including malware that sniffs data within computers before they go through the encryption/transmission process! I do overuse the word interesting, but this is interesting stuff. The article also goes on to say that Target and JC Penney were hit in 2007, so this isn't Target's first dance.

Unfortunately the article does not go on to list the others who got hit, I'm sure that'll be revealed in the next couple of months. Meanwhile, the people who shopped at those stores are very vulnerable.

http://www.chicagotribune.com/business/sns-rt-us-target-databreach-retailers-20140111,0,257635,full.story
thewayne: (Cyranose)
First, Target. They revealed that the people who penetrated their network security, or lack thereof, also made off with the names, email and street addresses, and phone numbers of 70 million people. So we could be seeing some interestingly targeted scams. A commenter said that the zip code revealed was that of the store, I tend to doubt that. Anyway, if they made off with your street address and city, it would be easy to look up the zip. This is in addition to the 40 million credit cards compromised, though I'm sure there's significant overlap between the two groups.

http://krebsonsecurity.com/2014/01/target-names-emails-phone-numbers-on-up-to-70-million-customers-stolen/


Second, Neiman. They revealed that their credit card processor told them in mid December that a compromise happened. They have not announced how many cards were compromised or how it happened pending a report from a forensic investigation company. Like Target, only the brick & mortar side was hit.

http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/
thewayne: (Cyranose)
And they're already up for sale on criminal underground carder forums. Apparently some banks actually buy their customer's cards from these markets.

http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
thewayne: (Cyranose)
There's not a lot of firm data, but it looks like they were hacked for the period of Thanksgiving 2013 to December 15th. Originally it was thought to be a week, but it expanded. No really solid information has been released as to methods, but it looks like over a million cards were compromised and that it only affected in-store purchases, not online purchases.

It is anticipated that this could become one of the biggest hacks when everything is analyzed, which I find kind of noteworthy for one of such short duration.

http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/

June 2025

S M T W T F S
123456 7
891011121314
15161718192021
22232425262728
2930     

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jun. 10th, 2025 03:46 pm
Powered by Dreamwidth Studios