Security Advisor

Target Breach Exposes Data of 40 Million Customers

Plus: Attackers setting sights on the newly released Playstation 4 and Xbox One.

Customers that have swiped their plastic at Target in the past month may want to keep an eye out on their financial accounts for any suspicious activity. The retailer s announced that 40 million customers who used credit or debit cards at the stores since Black Friday might have had their data stolen.

According to Target, only customers who physically shopped in the stores between Nov. 29 and Dec. 15 were at risk and online customers'' data remains secure.

It's yet unclear exactly how customer data, including names, credit or debit card numbers,  expiration dates  and CVV security numbers, was stolen directly from store point-of-sale (POS) terminals, but the company has stopped the data leak and is investigating and has called in the United States Secret Service for assistance.

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," said Target CEO Gregg Steinhafel in a released statement. "We regret any inconvenience this may cause. We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

Along with the Secret Service, a private forensic team has been called in to help with the investigation.

Mark Bower, an analyst at Voltage Security, said the Target breach (the second-largest consumer breach in history) demonstrates both the lengths attackers will go to steal your data and a fatal security flaw associated with retailer POS systems.

"In use, POS systems should be isolated from other networks to restrict access to payment data flows, but often are connected to many systems," said Bower. "As a POS and checkout are in constant use especially around high volume periods like Black Friday, they are less frequently patched and updated and thus vulnerable to malware compromise impacting massive amounts of cardholder data, as we see today with Target."

Target suggests those that used the retailer during the time period in question to watch for any suspicious activity on the financial accounts used at the retailer and to contact their bank or credit card company as soon as possible. Additional information on what steps to take for those affected can be found here.

Attackers Setting Sights on Next-Gen Consoles
Those that used a credit card to purchase this holiday season's two hot items, the Playstation 4 or Xbox One gaming consoles, may have two security headaches to worry about. According to security firm Kaspersky Lab, more than 4.6 million pieces of malware have been used in an estimated daily attack average of 34,000 since both consoles' launches in November.

"We've just seen two of the biggest console launches ever, with the PlayStation 4 and the Xbox One," said Kaspersky Lab Senior Security Researcher David Emm in an interview to Gamespot. "That means there will be more gamers for criminals to target, especially as the Sony and Microsoft machines increasingly use the Internet for a fuller gaming experience. And don't forget the PC, still the most popular gaming platform and cyber crooks' favorite target."

According to the security firm, the most popular attack method is the tried-and-true e-mail and personal message phishing scam. Remember, if it's connected to the Internet, it's susceptible to malware. Don't click any suspicious links sent and resist the urge to share your personal financial information with the stranger you just met in-game.


About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube