Back in late December 2013, Target acknowledged being hacked and confirming some 40 million debit and credit cards being compromised. Debit-card PINS had also been stolen among other personal and financial information. All transactions between November 27th and December 15th 2013 had been believed to have been affected. It was later reported not 40 million, but some 110 million customers may have been affected by the breach. From the latest reports, it is now believed that hackers had gained access to Target’s billing system as early as November 15th. This accounts as being the second-largest card information theft in U.S. history. Although PIN information remained encrypted, security experts brought up important concerns advising the public consider the risks and urging them to change their numbers. There is no question that encrypted data can be broken into and we have seen it happen in large cases like this one.
According to independent security reporter Brian Krebs, Target’s network credentials we’re initially stolen from Fazio Mechanical Services, Target’s contracted heating and air conditioning (HVAC) company. It remains unclear why the company had access to Target externally and to such sensitive payment sectors. Vendors often have access for maintenance and updates along with progressive development. The company reported having standards-compliant systems and being victims of a sophisticated attack. Having simple access is cost effective but can often be a risk factor and require to be analyzed properly for security measures. This leaves us wondering who is accountable for the costs and damages of this massive security breach. According to a fraud analyst from Gartner, costs may be elevated as high as $420 million covering the various legal fees, monitoring and prevent fraudulent card transactions, card reissuing, legal services and more.
In an attempt to reassure customers, Target announced that customers would have no liability for any fraudulent charges and offered one free year of credit monitoring and identity theft security. The company numbers dropped in the last quarter as a result of this attack. Both parties are now working along with Secret Service to find the vulnerabilities of the networks and attempt to make them safer. As for the stolen information, it is hard to tell how much damage will be done. Some reports claim data was transferred to Russia, but close sources report data being sent to several locations, such as Miami and Brazil, where unsuspecting victims had their hacked computers used to store and transfer card data. American authorities are following leads and attempting to work with local governments to gain access to the data.