Moving Target as breach figures rise

Customer data losses up by 30 million at Target

Revised figures from Target Corp have nearly doubled the number of customers to be hit by data theft over the Christmas holidays, up from 40 million to some 70 million credit and debit cards.

In December the company reported that hackers had stolen card data including numbers, names, postal addresses, phone numbers and email addresses, though the data is said to be "partial in nature." Thieves are reported to have installed data-stealing code on to card-swipe machines at tills in all 1,797 Target stores between November 27 and December 15 last year.

Target has offered one year of free credit monitoring and identity theft protection to all its US customers, with three months to enroll, and has said customers would have "zero liability" for any fraud losses; it is also providing tips on avoiding scams for those whose emails were taken. 

Nonetheless, some customers still reportedly intend to sue Target, for failing to notify them of the breach before it was first reported and for not maintaining "reasonable security procedures" to prevent the attack.

Sales had been going well, but were then hit by the breach with forecasts for fourth-quarter earnings down. Target shares initially fell 32 cents to US$ 63.03 (approximately £38.25) shortly after the market opened, with the company announcing reduced Q4 earnings from flat to a 2.5 percent decline.

Jason Hart, VP Cloud Solutions at SafeNet, commented: “Whilst the payment information taken in the Target breach was encrypted, immediately reducing the impact of the breach, it is clear that data cannot be encrypted in isolation.

"Right now, companies encrypt to be compliant with numerous data breach regulations, such as PCI-DSS. However, as with most compliance regulations, PCI-DSS only mandates a lowest common denominator-level of security and more protection is required. Organisations now need to move beyond basic regulations and ensure that they are securing data throughout its whole lifecycle. This means securing data at the application layer (such as point-of-sale terminals), while it is in transit or motion, and when it is stored."

Hart added: “One of the most common mistakes that organisations make is storing the encryption key in an insecure manner, thus exposing sensitive information to significant risk. Therefore, only those companies that encrypt all valuable data and apply tamper-proof and robust controls to the management of the keys, can be safe in the knowledge that their data is protected whether or not a security breach occurs.”

Target is the third-largest US retailer and this is the second-largest such breach reported by a US retailer.
