The Target data breach that compromised 40 million customers’ credit card numbers and 70 million customers’ personal information in November and December 2013 was the second-largest data breach in the history of retail hacking — the largest since the T.J. Maxx/Marshall’s security breach of 2005. Authorities have determined that the breach occurred when hackers were able to access Target’s point-of-sale system, enabling them to steal customer information as it was entered.
Even though the breach occurred several weeks ago, its effects are ongoing. Though the thieves made off with a significant amount of payment information, it’s the stolen personal information that presents the biggest risk to consumers. The FBI warns that the personal information stolen in the breach could be used to perpetrate identity thefts for years to come. In the wake of the Target breach, other retailers remain vulnerable to the same type of attack.
No End in Sight for Repercussions of Target Breach
Since the 2013 Target breach that compromised the personal and payment information of about 110 million customers, FBI officials and other security experts have warned that consumers and the retail industry alike aren’t yet out of the woods. Though the hackers were able to obtain about 40 million credit and debit card numbers from Target customers, that’s not the real threat. After all, credit cards can be cancelled and debit cards can be reissued. Many banks took immediate action to protect customers from fraudulent charges once word of the massive Target data breach got out.
The real threat, security experts warn, is the theft of personal information from 70 million Target customers. This information includes phone numbers, email addresses, postal addresses and names. Identity thieves can use this information to perpetrate cybercrime against millions of Target customers. Unlike credit and debit card information, names and addresses aren’t so easy to change.
Cybersecurity professionals and the FBI have warned that this information is already being bought and sold on the black market. Consumers whose personal information was stolen in the Target breach can expect the threat of identity theft to loom for years into the future. After all, there’s no expiration date on a name, an address or a date of birth.
More POS Attacks Forecast
In a report released in January 2014, the FBI warned retailers that the future will likely bring only more POS attacks like the one implicated in the Target breach. The malware that the hackers used to steal Target’s data is easy to get on Deep Web forums, the FBI maintains. It’s also relatively affordable for hackers. Of course, hacking retail corporations for their customers’ personal data is a profitable enterprise for cybercriminals. The Target data breach should serve as a warning to all companies that cybersecurity needs to be a top priority.
All Companies Are Vulnerable to Cybercrime
Cybersecurity professionals maintain that all companies are potential cybercrime victims, and those who don’t take steps to protect themselves and their customers are sitting ducks. The ongoing repercussions of the Target breach — which include damage to the company’s brand, reduced sales and lawsuits filed by disgruntled customers— create costs that other companies would do well to avoid by beefing up their cybersecurity systems. Retail corporations need to take measures to secure their databases and their networks, according to security experts at companies like xByte.
Credit and debit card users in the United States are particularly vulnerable to theft and fraudulent charges. American cards use easy-to-counterfeit, easy-to-hack magnetic data strips. As long as magnetic strip cards remain the norm, says the FBI, American consumers — and the retail outlets in which they do their shopping — will remain more vulnerable to attack.
Lawmakers and the retail industry are coming together to implement new security measures, including the introduction of the chip-and-pin system for credit and debit cards by October 2015. In the chip-and-pin system, credit and debit cards contain a chip that stores the customer’s payment information. When the customer wants to complete a transaction, he or she enters his or her pin into the card reader, and the chip creates a unique cryptogram to process that transaction. The chip-and-pin system is widely used in Europe, where it has substantially reduced credit and debit card fraud.
The chip-and-pin system isn’t perfect. It wouldn’t protect against POS malware attacks like that used in the Target breach, because in that case, hackers used Target’s own hardware to steal customers’ data. Lawmakers also support new notification standards, which would require credit card companies and retailers to notify customers when a breach has occurred. There is currently no federal law requiring such notification.
Following the Target breach of late 2013, the FBI has warned that similar POS attacks could become more commonplace in the months and years ahead. No company is safe from cybercrime. New, stronger cybersecurity measures are necessary to protect consumers.
Target POS image by Marlith from Wikipedia.org.
About the Author: Contributing blogger Steven Dyer has 15 years of experience in corporate IT consulting and recommends xByte for all his customers’ equipment needs.