In Target, hackers found a gold mine -- with easy access

NYT/Pioneer Press ^ | 1-18-14 | Elizabeth A. Harris, Nicole Perlroth, Nathaniel Popper and Hilary Stout

[TurboZamboni]

It was, in essence, a cybercriminal's dream.

For months, an amorphous group of Eastern European hackers had been poking around the networks of major U.S. retailers, searching for loose portals that would take them deep into corporate systems.

In early November, before the holiday shopping season began, the hackers found what they had been looking for -- a wide path into Target and beyond.

Entering through a digital gateway, the criminals discovered that Target's systems were astonishingly open -- lacking the virtual walls and motion detectors found in secure networks like many banks'. Without those safeguards, the thieves moved swiftly into the company's computer servers containing Target's customer data and to the crown jewel: the in-store systems where consumers swipe their credit and debit cards and enter their PINs.

[catnipman]

“Those cards will continue to have value for quite a while. These cards will still be available for purchase a year from now.”

Which is why EVERYONE whose card was stolen should have IMMEDIATELY cancelled their accounts and obtained new cards with new account numbers, despite the BS from Target and others that “monitoring” your bill for a couple of years was all that was necessary.

[Vendome]

BS and four wetawds to write this drivel.

Inside job period.

[DoughtyOne]

Easy access...

Yeah, that’s what they want you to think. Do folks think the Department of Defense and other government sites hit by Wikileaks were easy targets?

Sorry, but I don’t think Target was an easy touch. There are people out there who are very crafty, and can break these systems.

Frankly, I think it would be a hoot if someone were to wait until the NSA states it doesn’t do something, and then release information taken from them that shows they do in fact do it.

[Vendome]

Why not?

They’re insured.,

It’s the credit cards company problemo.

[sheana]

Same here. I use Amex for everything. If they detect fraud they issue a new card immediately. Any disputed charge comes off immediately. Safer than cash.

[Sans-Culotte]

Same here. I use Amex for everything. If they detect fraud they issue a new card immediately. Any disputed charge comes off immediately. Safer than cash.

I've stopped paying with my debit and have switched to Amex as well.

[Finalmente]

Right you are!

[Uri’el-2012]

Why not?

They’re insured.,

It’s the credit cards company problem.

Target is self insured.

[Vendome]

Yep.

[The Bat Lady]

I only made one purchase at Target during the infected known timespan. So far, nothing from my credit card company.

Near the bottom of the long article it stated that those numbers will still be sold a year from now.

If I had shopped at Target I would change all my numbers. I'm just saying.

Plus, I will now go back to checks when I don't use cash.

[rawhide]

You would think Visa would notify me? Maybe they feel my card is okay? It was a credit card I used, not a debit card.

[khelus]

Where is Target’s IT department? In Bangalore? Likely half of it is there.

More likely all or nearly all.

Good security does not come cheap and Target's goal is to maximize quarterly profits.

Most likely Target out sources IT to a company nominally located in the US or Canada which in turn has it's work done in India. Just like the ObamaCare web site.

[khelus]

I forgot to add that Neiman Marcus and at least three other undisclosed retailers were hit. Probably same scenario.

http://www.tomsguide.com/us/target-neiman-marcus-data-breach-faq,news-18199.html