Target to pay $10M in proposed settlement for 2013 breach. Target has agreed to pay $10 million in a proposed settlement to a class-action lawsuit stemming from its massive 2013 data breach. The proposal, which requires U.S. federal court approval, calls for individual victims to receive up to $10,000. As many as 110 million people were affected by the attack, which occurred during the holiday shopping season. The proposed settlement includes measures to better protect the customer data that Target collects, according to documents filed with the U.S. District Court, District of Minnesota. Target must develop and test a security program for protecting consumer data and implement a process of monitoring and identifying security threats. The company must also provide its employees with security training around keeping consumer data safe. After the settlement's approval, Target would have five years to implement these measures.
Target has already complied with one of the requirements: it named a chief information security officer in June 2014. Target Says Credit Card Data Breach Cost It $162M In 2013-14. Foreign gangs top list of Target data breach suspects. One year after thieves infiltrated Target’s cash registers, a website openly sells millions of credit and debit card numbers stolen in that data breach and many others. Anyone can log on to the site, rescator.cc, and shop for cards by ZIP code. This illegal marketplace is the most glaring reminder that no one has been brought to justice in the massive theft of Target customer data.
Federal authorities declined to say anything about their investigation, which is being led by the U.S. Secret Service. Yet cybersecurity professionals have named one person they believe is linked to the stolen card website: a Ukrainian hacker named Andrey Hodirevski. Brian Krebs is the blogger who broke the Target breach story and first named Hodirevski a year ago. How cards are stolen, reused. Initial breach: Thieves obtain debit and credit card data by infecting retail point-of-sale systems with malware, which siphons data from cards once they are swiped. Illicit marketplace. Target Breach Lawsuits Consolidated. Banking Suits Seek Recovery of Expenses. Dozens of class action lawsuits filed on behalf of banking institutions, consumers and shareholders against Target Corp. in the wake of the retailer's massive breach are being consolidated into three groups.
In their lawsuits, banking institutions claim Target should be responsible for card re-issuance and replacement expenses that card issuers have incurred as a result of the retailer's breach, which is estimated to have exposed some 40 million debit and credit cards (see: Suits Against Target Make 'Statement'). A statement from the U.S. District Court in Minnesota notes: "The court will appoint lead and liaison counsel for each of the three groups of plaintiffs, in addition to supervising lead and liaison counsel for all plaintiffs." More than 140 lawsuits, including 29 brought on behalf of banks and credit unions, were consolidated into three groups before U.S.
More information on the lawsuits and court proceedings can be found here.
Trustwave suit. Banks sue Target. Target ignored its own alarms. Target CEO resigned. Consumer Reports calls Target's response to data breach weak Rea. 4 Points About the Target Breach and Data Security. Card Data Was Sent To a Server In Russia. Privacy Monday – January 13, 2014. What the target data security breaches mean for hoteliers. The recent headlines about the Target and Neiman Marcus security breach with customer credit cards highlight a growing crisis that concerns owners and operators of hotels as well as retailers. In this article, Bob Braun, one of the senior members of our Global Hospitality Group® who focuses on data security -- when he is not working on hotel management or franchise agreements -- gives us some thoughts on what to do about this problem.
The Target and Neiman Marcus breaches: What hoteliers need to know The Target and Neiman Marcus problem. The massive security breach of Target's customer data may affect more than 110 million Americans -- potentially about 1 in 3 persons living in the United States. Hoteliers beware. The need to respond to guest demands is another source of insecurity. Finally, hotels have employees -- lots of employees -- and many of them have access to the credit card and other personal information of guests. What happened to Target? The lesson? What should I do? The number of the day: 70 million (at least) The Target data breach story keeps getting worse.
The December pre-Christmas disclosure was the theft of up to 40 million Target shoppers’ credit and debit card information in what appeared to have been a hack of the Target point-of-sale system that allowed the thieves to swipe magnetic card data as customers checked out. About a week later, we learned that debit card PIN data had indeed been swiped in addition to the card numbers, but according to Target, the PINs were encrypted.
Today’s news is that Target has discovered that the personal information of up to an additional 70 million Target customers was also stolen — such information includes names, mailing addresses, phone numbers and email addresses. There is likely crossover between the 40 million affected customers and the new 70 million number, but whatever that crossover is, it still makes the total number of records affected somewhere between 70 million and 110 million.
Is the Congressional Response to the Target Breach Off-Target? Senators asking Target data breach. How Target's Point-of-Sale System May Have Been Hacked. Target has not revealed much regarding how their massive data breach occurred. To date they have disclosed the breach included 40 million credit cards and 70 million personal records. Target has only stated that the point-of-sale systems were compromised by malware. The question we are all asking is how is it that all the point-of-sale systems across all Target stores in the United States were compromised at the same time? Target’s IT Infrastructure Revealed. The answer, I believe, lies partially in Target’s recently updated architecture. On a per-store basis these two servers leverage virtualization to run a custom point-of-sale solution that manages up to 30 registers, along with applications to manage inventory, stock replenishment, pharmacy data (if they have one), infrastructure as well as databases.
Target runs most of their systems on Microsoft (except for the pharmacy app which runs on Linux in a VM). Related Articles: Resources: Definitive Guide to Attack Surface Analytics. Target announces customer data leak was bigger, 70 million victims. The giant US retailer Target announces that the extent of the credit-card leak was even bigger: a further 70 million customers are victims of the data breach. We all remember the holiday attack against the US retail giant Target, a data breach that exposed millions of customers’ data. The attackers accessed names, mailing addresses, phone numbers and email addresses for up to 70 million customers. While Target Chairman Gregg Steinhafel apologized for the inconvenience that the data breach may have caused customers, the company has still not provided any further information on the attack scheme implemented by the hackers.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Steinhafel. The disclosure was made a few weeks after Target confirmed a cyber attack and the theft of approximately 40 million customer debit and credit card records. Pierluigi Paganini. If firms like Target won't protect privacy, make 'em pay. Senator Edward Markey.
Retailers Violate Biggest Asset: Customer Trust. The Target Data Breach Lawsuits: Why Every Company Should Care | Data Security Law Journal. Plaintiffs’ lawyers were falling over themselves last week in a race to the courthouse to sue Target as a result of its recent data breach. By at least one report, over 40 lawsuits have already been filed against Target, the first of which was filed the day after the breach became public. This post will provide an overview of the lawsuits, analyze their merits, identify potential concerns for Target, and address some of the larger public policy implications raised by the lawsuits. My next post will provide more specific details about a sample of the lawsuits. A (Coordinated) Race to the Courthouse. The lawsuits were filed in Federal courts all over the country, including Alabama, California, Florida, Illinois, Minnesota, Oregon, and Rhode Island.
Also interesting is when the lawsuits were filed. On to the Merits . . . “Failure to Adopt Reasonable Safeguards” “Failure to Timely Notify Affected Consumers” Cognizable Harm This is not to say that all damages are not cognizable. Precedent.
Cards Stolen in Target Breach Flood Underground Markets. Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card, KrebsOnSecurity has learned. Prior to breaking the story of the Target breach on Wednesday, Dec. 18, I spoke with a fraud analyst at a major bank who said his team had independently confirmed that Target had been breached after buying a huge chunk of the bank’s card accounts from a well-known “card shop” — an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards.
There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. But this store has earned a special reputation for selling quality “dumps,” data stolen from the magnetic stripe on the backs of credit and debit cards. “Nobody has notified us,” my source said.