
Moving Target as breach figures rise


Customer data losses up by 30 million at Target


Revised figures from Target Corp have nearly doubled the number of customers to be hit by data theft over the Christmas holidays, up from 40 million to some 70 million credit and debit cards.

In December the company reported that hackers had stolen card data including numbers, names, postal addresses, phone numbers and email addresses, though the data is said to be "partial in nature." Thieves are reported to have installed data-stealing code on to card-swipe machines at tills in all 1,797 Target stores between November 27 and December 15 last year.

Target has offered one year of free credit monitoring and identity theft protection to all its US customers, with three months to enroll, and has said customers would have "zero liability" for any fraud losses; it is also providing tips on avoiding scams for those whose emails were taken. 

Nonetheless, some customers still reportedly intend to sue Target, for failing to notify them of the breach before it was first reported and for not maintaining "reasonable security procedures" to prevent the attack.

Sales had been going well, but were then hit by the breach with forecasts for fourth-quarter earnings down. Target shares initially fell 32 cents to US$ 63.03 (approximately £38.25) shortly after the market opened, with the company announcing reduced Q4 earnings from flat to a 2.5 percent decline.

Jason Hart, VP Cloud Solutions at SafeNet commented: “Whilst the payment information taken in the Target breach was encrypted, immediately reducing the impact of the breach, it is clear that data cannot be encrypted in isolation. 

"Right now, companies encrypt to be compliant with numerous data breach regulations, such as PCI-DSS. However, as with most compliance regulations, PCI-DSS only mandates a lowest common denominator-level of security and more protection is required. Organisations now need to move beyond basic regulations and ensure that they are securing data throughout its whole lifecycle. This means securing data at the application layer (such as point-of-sale terminals), while it is in transit or motion, and when it is stored."

Hart added: “One of the most common mistakes that organisations make is storing the encryption key in an insecure manner, thus exposing sensitive information to significant risk. Therefore, only those companies that encrypt all valuable data and apply tamper-proof and robust controls to the management of the keys, can be safe in the knowledge that their data is protected whether or not a security breach occurs.”

Target is the third-largest US retailer and this is the second-largest such breach reported by a US retailer.
