Target cyber breach extends, Neiman Marcus reports a cyber-theft attack

The problems for Target mounted this past week and Neiman Marcus announced a breach of its system on Friday, according to the N.Y. Times today.

On Friday, Target revised the number of customers whose personal information was stolen in a widespread data breach during the holiday season, extending it to 70 million to 110 million people.

At the upper end, this is three times as great as the company’s original estimate. The theft is one of the largest retail data cyber-attacks ever.

Now Neiman Marcus is the latest target of credit card hacking. Ginger Reeder, spokeswoman for Dallas-based Neiman Marcus Group Ltd., said in an email Saturday that the retailer had been notified in mid-December by its credit card processor about potentially unauthorized payment activity following customer purchases at stores. On Jan. 1, a forensics firm confirmed evidence that the upscale retailer was a victim of a criminal cyber-security intrusion and that some customers' credit and debit cards were possibly compromised as a result.

Neiman Marcus does not yet know the exact number. Reeder stated in the release, ‘We have begun to contain the intrusion and have taken significant steps to further enhance information security.’

According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit-card data for some 70 million customers. This is information Target obtained from customers who, among other things, used a call center and offered their phone number, or shopped online and provided an email address.

Target yesterday reported that customers' names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen. The magnetic strip slides through the terminal, and its data passes to a server that sends it to a computer center for processing; this is where the cyber thieves hack in and steal the data.

Target has been working with a forensics team at Verizon, and it has also consulted with Mandiant, a security firm specializing in data breach recovery.

After the initial breach, Target said that it had protected customers’ payment information with encryption and that it had stored the keys to descramble it on separate systems not affected in the breach. But the encryption algorithm Target used to protect that data — a standard known as triple DES, or 3DES — is vulnerable in some cases to so-called brute force attacks, when hackers use computers for high-speed guessing to unscramble the encrypted numbers on the card sent to the server.

The largest breach in American credit processing reported to date was in 2009 when a Heartland Payment Processing system was targeted and 130 million credit card numbers were stolen.

Mr. Anup Ghosh, founder of Invincea, a security software company, said he suspected that hackers might use the stolen email addresses to send spoofed correspondence from Target, asking for more information such as a Social Security number to further identity theft and cybercrime.

Changes are coming to all retailers in the U.S. to adopt EMV (Europay, Mastercard, and Visa) payments, which use the chip-and-PIN technology used for encrypted credit/debit card processing in Europe and now to be available in the U.S.

A press release from Starmount yesterday announced that it has partnered with Servebase and Ingenico to enable the company to deliver complete end-to-end solutions that meet all requirements for EMV.

The end-to-end EMV solution also ensures that Starmount's U.S. customers are ‘future-proofed’ for Visa's October 2015 liability shift, which will require U.S. retailers to accept EMV chip transactions or else assume liability for fraudulent transactions.
