This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Moving Target as breach figures rise

Share this article:

Customer data losses up by 30 million at Target

Moving Target as breach figures rise
Moving Target as breach figures rise

Revised figures from Target Corp have nearly doubled the number of customers to be hit by data theft over the Christmas holidays, up from 40 million to some 70 million credit and debit cards.

In December the company reported that that hackers had stolen card data including numbers, names, postal addresses, phone numbers and email addresses, though the data is said to be "partial in nature."  Thieves are reported to have installed data-stealing code on to card-swipe machines at tills in all 1,797 Target stores between November 27 and December 15 last year.

Target has offered one year of free credit monitoring and identity theft protection to all its US customers, with three months to enroll, and has said customers would have "zero liability" for any fraud losses; it is also providing tips on avoiding scams for those whose emails were taken. 

Nonetheless, some customers still reportedly intend to sue Target, for failing to notify them of the breach before it was first reported and for not maintaining “reasonable security procedures" to prevent the attack.

Sales had been going well, but were then hit by the breach with forecasts for fourth-quarter earnings down. Target shares initially fell 32 cents to US$ 63.03 (approximately £38.25) shortly after the market opened, with the company announcing reduced Q4 earnings from flat to a 2.5 percent decline.

Jason Hart, VP Cloud Solutions at SafeNet commented: “Whilst the payment information taken in the Target breach was encrypted, immediately reducing the impact of the breach, it is clear that data cannot be encrypted in isolation. 

"Right now, companies encrypt to be compliant with numerous data breach regulations, such as PCI-DSS. However, as with most compliance regulations, PCI-DSS only mandates a lowest common denominator-level of security and more protection is required. Organisations now need to move beyond basic regulations and ensure that they are securing data throughout its whole lifecycle. This means securing data at the application layer (such as point-of-sale terminals), while it is in transit or motion, and when it is stored."

Hart added: “One of the most common mistakes that organisations make is storing the encryption key in an insecure manner, thus exposing sensitive information to significant risk. Therefore, only those companies that encrypt all valuable data and apply tamper-proof and robust controls to the management of the keys, can be safe in the knowledge that their data is protected whether or not a security breach occurs.”

Target is the third-largest US retailer and this is the second-largest such breach reported by a US retailer.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

4% of Googlebots are fake and can launch attacks

4% of Googlebots are fake and can ...

Admins' fear of damaging their SEO gives malicious search engine bots a 'VIP pass' into sites.

Brit Lauri Love faces more US hacking charges

Brit Lauri Love faces more US hacking charges

Lauri Love, a 29-year-old British man from Stradishall in Suffolk, has been charged by a US court with hacking into multiple US government computers and stealing more than 100,000 employee ...

More questions than answers as BBC outage fuels DDoS talk

More questions than answers as BBC outage fuels ...

The British Broadcasting Corporation was hit by a prolonged outage on its website and iPlayer video-on-demand service (VOD) last weekend, raising questions about the cause and whether it was subjected ...