Target - 2013

Target discovered that hackers may have accessed customer debit and credit card information during the Thanksgiving and Christmas shopping season. Customers who used a payment card at any of Target's stores nationwide between November 27, 2013 and December 15, 2013 may have had their payment card information copied for fraudulent purposes. Credit card companies and banks have been notifying customers of the issue and advising them to watch for suspicious charges. Customer names, credit or debit card numbers, card expiration dates, and card security codes were taken and have appeared on the black market.UPDATE (12/24/2013): Target now faces at least three class-action lawsuits as a result of the breach. A wave of scam artists are attempting to profit from the breach by posing as Target or bank representatives addressing the breach. People who shopped at Target are being warned not to give their information out over the phone. Target is working with the U.S. Department of Justice and the Secret Service to investigate the breach.UPDATE (12/27/2013): Target customers are also being warned to be suspicious of emails claiming to be from Target or banks that request personal information. It is estimated that the breach may cost Target up to $3.6 billion. It appears that online customers were not affected.UPDATE (12/28/2013): Target confirmed that PINs associated with payment cards were also exposed.UPDATE (1/2/2014): East-West bank has issued a letter to their card holders warning that some of their accounts may have been compromised due to the Target data breach. East-West bank has issued new credit cards to their customers who shopped at any Target stores to reduce any potential unauthorized use of a card. (Source CA Attorney Generals' Office)UPDATE (1/10/2014): Target Corp. says that up to 70 million people were affected by the data breach, significantly more than was originally suspected. Experts predict the numbers could climb even higher than 70 million once the company completes its investigation. UPDATE (1/13/2014): Target Corp. has confirmed that malware was found on the Point of Sale devices. The malware has been removed. The number of individuals affected are now said to be 110 million individuals, 70 million more than originally thought.UPDATE (1/13/2014): Security experts are stating that Target may not be alone in the data breach. Neiman Marcus and at least 3 other unnamed retailers (these retailers are thought to be located in Eastern Europe) may also have been compromised as federal investigators track what they believe to be an international crime ring. UPDATE (1/14/2014): Companies that help Target process payments could be facing millions of dollars in fines and costs as a result of the data breach.UPDATE (1/16/2014): The malware that infected in the Target POS systems has been found and is known as the Trojan.POSRAM, according to new report by investigators. "The malware is a memory-scraping tool that grabs card data directly from point-of-sale terminals and then stores it on the victims system for later retrieval". The malware was originally thought to have been developed in Russia, known as BlackPOS. This new version is considered to be highly customized so that current anitvirus programs would not have detected it as reported by investigative agencies.UPDATE (1/20/2014): "A 17 year-old Russian national from St. Petersburg is thought to be responsible for the malicious programming that allowed for data from Target and Neiman Marcus to be compromised," according to a California based security firm.UPDATE (1/21/2014): Two Mexican citizens were arrested at the border in South Texas for the purchase of thousands of dollars worth of merchandise with information stolen during the Target security breach, as reported by a South Texas police chief.A spokesman with the Secret Service announced that the investigation is ongoing into the possibility of a link between the Target breach and the two arrested in Texas. UPDATE (1/29/2014): The malware used in the Target attack could suggest a poorly secured feature built into a popular IT management software product that was running on the retailers internal newtork.UPDATE (1/29/2014): A Target Corp. investor filed suit in Minnesota federal court Wednesday, against the retailers Executives holding them liable for damage caused by the holiday season data breach that saw hackers steal personal and financial information from tens of millions of customers.Shareholder Maureen Collier filed the suite with a complaint alleging that Target's board and top executives harmed the company financially by failing to take adequate steps to prevent the cyberattack then by subsequently providing customers with incomplete and misleading information about the extent of the data theft."The suit brings claims of breach of fiduciary duty, gross mismanagement, waste of corporate assets and abuse of control, and seeks monetary damages on behalf of the company from the 14 named officers and directors".UPDATE (2/5/2014): Hackers who broke into Target's computer network and stole customers' financial and personal data used credentials alledgedly  were stolen from a heating and air conditioning subcontractor in Pennsylvania, according to digital security journalist Brian Krebs.It appears as though the air conditioning company was given access to Target's computer network in order for the vendor to make remote changes to the system to  cut heating and cooling costs. Target has not confirmed the accuracy of this report.UPDATE (2/6/2014): Target Corporation announced they are fast tracking new credit card security technology in their stores, 6 months earlier than originally planned. Target's CFO announced it is moving up its goal to utilize chip-enabled smart cards, and now plans to have them in stores by early 2015. These cards encrypt point of sale data, rendering the credit card number less useful if stolen. Currently this technology is more prevalent outide of the US, but have resulted in lower card number thefts in other countries, notably Canada and the United Kingdom.UPDATE (2/15/2014): The breach at the Target Copr. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at the HVAC contractor Fazio Mechanical in Sharpsburg Pennsylvania. According to Krebs on Security, "multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers."UPDATE (5/5/2014): Target's CEO has resigned in the wake of the data breach over the holiday season. He is claiming the breach was his fault. He is the second major executive to resign. Earlier in the year the company's Chief Technology Office resigned as well. The CFO of the company will take over as the interim CEO.UPDATE (8/7/2014): Target has announced that the data breach will cost it's shareholders $148 million. UPDATE (12/9/2014): A Minnesota ruled that a lawsuit put forth by several banks could proceed as the court stated that Target failed to adequately defend against the massive data breach they suffered. This is the first time a data breach case of this size has moved forward based on a companies failure to respond to warnings from security software/experts. More Information: http://www.csmonitor.com/World/Passcode/2014/1209/Target-ruling-raises-s...