The post-holiday period is usually associated with exchanges of merchandise, white sales and an anticipation of the Super Bowl. Not too many people expect that the first few weeks of January should be preoccupied by a concern that one’s personal information has been compromised by a security breach, but that’s what many, many people must concern themselves with this month as a result of the revelations concerning a much bigger than originally thought security breach at Target and beyond. And the news has San Francisco attorney Gregory J. Brod wondering whether the latest revelation is just the tip of the iceberg regarding this story.
Malware from the Former Soviet Union
According to CNN, the Department of Homeland Security announced Thursday that malware originating in the former Soviet Union may have infected the point of sale devices of Target, resulting in a massive security breach at the big retailer during the holiday shopping season. The advisory comes on the heels of the known breach at Target, which compromised credit card numbers and other personal information of up to 110 million customers. Target, after initially downplaying the scope of the breach, later owned up to a breach that encompassed such sensitive information as a cardholder’s PIN for a debit card, name, address, phone number and email address.
But more alarmingly, the Department of Homeland Security warning stated that consumers should be aware that the malware that infected Target’s point of sale system may have invaded the point of sale systems of other retailers. Once gaining a foothold in point of sale devices, the malware monitors data processed on the device and passes on the information to a recipient not connected with the retailer.
In the wake of the Target hack – which exposed up to 40 million in-store customers and 70 million additional customers to the breach – the retailer has provided new debit and credit cards to its customers and offered apologies to those whose identities were compromised.
Retailer’s System May Have Been Particularly Vulnerable
But whereas the government has warned consumers to be vigilant in a broad sense over their credit and debit card purchases of merchandise, there is evidence to suggest that Target may have been at the epicenter of data theft this holiday season. According to The New York Times, experts in cybersecurity and credit have stated that Target’s point of sale system was particularly vulnerable to attack from hackers, largely because the retailer’s system was remarkably open. That wide-open porthole, experts say, enabled hackers to casually shop around from system to system and gather information as they pleased.
As a result of the relatively easy installation of the malware, known as a memory scraper, the criminals were able to put credit and debit cards up for sale on the black market – and many innocent shoppers who originally owned the cards began seeing unauthorized charges on their statements.
Continue Reading ›