Always strive to learn something useful. --Sophocles

So today I got the email from Target saying my information might have been compromised. As my last purchase at Target was long before November, I'm not too concerned about my credit card info being stolen. I don't recall having ever applied for a Target card, nor registering on the Target web site. I also searched my email for target.com and found that I never directly received an email from them, so I'm wondering how they got my email. I imagine that it might have gotten spawned from someone like GE Capital Services, but I don't know for certain. Still, if they're willing to pay to monitor my nonexistent income and credit for a year, why not.

The hack that got the credit card data was interesting. It was malware that sat on their POS terminals that nabbed the credit card number, and apparently the PIN, before it was encrypted and sent it all to an FTP server in the US that then sent it to Russia

Here's a couple more articles from Wired about it:

This one talking about how it happened again after they were hacked in 2005. Basically during the TJ Maxx hackathon companies were certified as having proper credit card security WHILE the hackers were active in the system. An audit after the hack was revealed showed they were non-compliant, is this a case of hindsight being 20/20?
http://www.wired.com/threatlevel/2014/01/target-hack/

This article talks about the specific malware, which you can buy for $1800-2300. Pretty good return on your money.
http://www.wired.com/threatlevel/2014/01/target-malware-identified/

First, Target. They revealed that the people who penetrated their network security, or lack thereof, also made off with the names, email and street addresses, and phone numbers of 70 million people. So we could be seeing some interestingly targeted scams. A commenter said that the zip code revealed was that of the store, I tend to doubt that. Anyway, if they made off with your street address and city, it would be easy to look up the zip. This is in addition to the 40 million credit cards compromised, though I'm sure there's significant overlap between the two groups.

http://krebsonsecurity.com/2014/01/target-names-emails-phone-numbers-on-up-to-70-million-customers-stolen/


Second, Neiman. They revealed that their credit card processor told them in mid December that a compromise happened. They have not announced how many cards were compromised or how it happened pending a report from a forensic investigation company. Like Target, only the brick & mortar side was hit.

http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/

There's not a lot of firm data, but it looks like they were hacked for the period of Thanksgiving 2013 to December 15th. Originally it was thought to be a week, but it expanded. No really solid information has been released as to methods, but it looks like over a million cards were compromised and that it only affected in-store purchases, not online purchases.

It is anticipated that this could become one of the biggest hacks when everything is analyzed, which I find kind of noteworthy for one of such short duration.

http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/