stores would point to more of a virtual intrusion," he says. John Buzzard of FICO's Card Alert Service says most indicators suggest Target was struck by an external attack that most likely infected its network with malware. "I seriously doubt Target transmitted that data across an open network in the clear to their processor or stored the data," he adds. "It would follow that it was done through the infrastructure that Target uses to send updates down to their POS terminals."Īn executive with another leading issuer also says the breach most likely was initiated at the network level, via an external attack, given the breadth of the attack.Īl Pascual, a financial fraud analyst with consultancy Javelin Strategy & Research, says the data leak was likely caused by a POS system attack, given that expiration dates and CVVs were lost. "Clearly, it was an external intrusion," the executive says. Once infected, the devices were instructed to store and forward mag-stripe data collected during transactions at the POS, the executive says. card issuers affected by the Target attack, who asked not to be named, says he believes about 40,000 of the retailer's 60,000 point-of-sale terminals were infected with an executable file, likely malware that was automatically downloaded from a hacked server. "This incident appears to be tied to their system since transactions were not impacted," she adds.Īn executive with one of the leading U.S. And while fraud expert and Gartner analyst Avivah Litan speculates about whether an insider is to blame for the breach, many other experts say Target's compromise likely resulted from an external attack.Īs fraud expert and Aite analyst Shirley Inscoe points out, Target's reference to "unauthorized access" suggests an outside hack. What Happened?Įxperts can only theorize about what may have happened to Target. The company operates 1,797 stores in the U.S. Target customers who suspect they may have been impacted have been instructed to contact Target directly and monitor credit accounts. "Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident." "Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts," the retailer says in its statement. In a letter to customers, Target notes that customer names, credit and debit card numbers, as well as card expiration dates and card verification values - three-digit security codes - were exposed during the breach, which was first reported by blogger Brian Krebs on Dec. In the meantime, banking institutions should educate customers about how to protect themselves from any fraud linked the attack. 15 were likely compromised by a data breach. Target is not sharing details beyond what it reported Dec. debit and credit accounts (see Target: 40 Million Cards at Risk). Security experts offer varying opinions about how U.S. See Also: JavaScript and Blockchain: Technologies You Can't Ignore Was it a point-of-sale attack? A network breach? Or was it an inside job?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |