The buzz in the tech world and news publications over the past month has been the massive breach of retail giant Target. Originally thought to have affected 40 million customers, Target recently reported that number is as high as 110 million, according to USA Today. Hackers gained access to various kinds of customer information: Names, email addresses, physical addresses, telephone numbers, credit card numbers, PIN numbers and card expiration dates
Reuters is estimating that the breach could cost Target a whopping $680 million dollars. Exact details of how the hack occurred have yet to be released, but Target is cooperating with government officials on the investigation.
The payment card industry (PCI) has been hit by very large breaches before, the most notable being the attack on TJX in 2006. Smart cards and other cryptographic payment systems would help retailers, explains SC Magazine, by enabling the use of non-reusable transaction codes. Moving to smart cards or chips within the credit cards may be the only way to help prevent massive PCI breaches in the future.
This breach wasn’t the work of a lone hacker. As one cyber security specialist told CNN Money, “Now [hacking] has turned into highly sophisticated organized crime, which is very lucrative business.” Hacking has transformed from being primarily the domain of individual criminals to include large pseudo companies.
Information posted on the Target web site states the company is currently working with a third-party forensics firm to gather information about who gained unauthorized access and how they did so. Credit monitoring is available to anyone who has ever shopped at a US Target store.
But credit monitoring may not be effective, at least in some cases, reasons Krebs on Security, because if the hackers are able to use the credit card information within the same areas as the card holder (which could accomplished based on address and phone number information), then the credit monitoring system would essentially fail.
If you’re a Target customer, keep a close eye on your bank and credit card statements. If you notice any suspicious activity, contact your financial institution immediately.
Also be on the lookout for suspicious emails that appear to originate from your credit card company, as there could be an influx of phishing email messages – those that attempt to gain information from you by seeming to be legitimate, when in fact they are from a cyber criminal. Only open emails that you know are trustworthy. When in doubt, delete the email.