Sources: Target Investigating Data Breach

lotuseclat79 · Feb 4, 2014

Target works on security-heavy credit cards, after breach.

The retailer accelerates its $100 million program to offer users chip-enabled "smart credit cards" that encrypt users' personal data and are said to be harder to hack.
Click to expand...

-- Tom

ronjor · Feb 4, 2014

Target, Neiman Marcus executives apologize for data breach

Published February 04, 2014
FoxNews.com

Big banks and retailers played the blame game Tuesday as the heads of both industries tried to shift the responsibility over a series of big breaches in consumer data that left millions of Americans exposed to online theft.
Click to expand...

http://www.foxnews.com/politics/201...-marcus-executives-apologize-for-data-breach/

Dermot7 · Feb 5, 2014

Target Hackers Broke in Via HVAC Company

siljaline · Feb 6, 2014

One in three victims of Target card breach could face fraud

One in three data breach victims in 2013 later experienced fraud, according to a survey released Wednesday, a sharp increase that doesn't bode well for millions of Target shoppers.

That's up from one in four in 2012, according to Javelin Research, which polled 5,634 U.S. adults over three weeks last October about financial fraud incidents.
Click to expand...

http://www.cso.com.au/article/537642/one_three_victims_target_card_breach_could_face_fraud/

Justintime123 · Feb 6, 2014

-
Feb 14 Kebsonsecurity
Target Hackers Broke in Via HVAC Company

Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.

Sources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.

Using Shodan to find exploits?? www.shodanhq.com
-

siljaline · Feb 7, 2014

Target contractor says it was victim of cyberattack

A contractor for Target said Thursday it was also a victim of a cyberattack, supporting the retailer's claim that hackers gained entry to its network via a third party.

The contractor, Fazio Mechanical Services of Sharpsburg, Pennsylvania, issued a statement after the business was mentioned in several media reports as the possible weak link that allowed attackers to eventually steal 40 million payment card details.
Click to expand...

http://www.cso.com.au/article/537735/target_contractor_says_it_victim_cyberattack/

Dermot7 · Feb 12, 2014

Email Attack on Vendor Set Up Breach at Target

Dermot7 · Feb 12, 2014

ASSESSMENT: The Target Hack As An APT Style Attack
Click to expand...

https://krypt3ia.wordpress.com/2014/02/12/assessment-the-target-hack-as-an-apt-style-attack/

treepattern · Feb 12, 2014

Dermot7 said:

Target Hackers Broke in Via HVAC Company
Click to expand...

Sick pivot. lol mbam.

1PW · Feb 13, 2014

treepattern said:

Sick pivot. lol mbam.
Click to expand...

Even though Fazio Mechanical may have quite likely used the free (on-demand) versions of MBAM illegally, many folks do know that not even the Paid/Professional/Lifetime version of MBAM scans either incoming or outgoing email.

If what's been published is true, IMHO, Fazio Mechanical might as well have taped a copy of the Malwarebytes logo to each of their computers for all the real-time protection they had in force. Pity!

No mention seems to have been made for any other security/protection measures Fazio Mechanical may or may not have taken for their computers or Internet access.

ronjor · Feb 14, 2014

Target Warned of Vulnerabilities Before Data Breach
Cyber Security Staff Raised Concerns in the Months Before Hackers Stole Card Numbers

By
Danny Yadron And Paul Ziobro

Target Corp.'s computer security staff raised concerns about vulnerabilities in the retailer's payment card system at least two months before hackers stole 40 million credit and debit card numbers from its servers, people familiar with the matter said.
Click to expand...

http://online.wsj.com/news/article_...4579381520736715690-lMyQjAxMTA0MDEwNDExNDQyWj

ronjor · Feb 18, 2014

Financial institutions' bill for Target's massive data breach keeps rising.

Costs related to the holiday data theft have now exceeded $200 million for financial institutions, according to data collected by the Consumer Bankers Association and the Credit Union National Association.

The two trade associations said Tuesday that 21.8 million of the 40 million compromised credit and debit cards have been replaced.
Click to expand...

http://www.nbcnews.com/business/business-news/target-data-breach-cost-banks-tops-200m-n33156

Dermot7 · Feb 19, 2014

Fire Sale on Cards Stolen in Target Breach

Dermot7 · Feb 25, 2014

Card Backlog Extends Pain from Target Breach

Dermot7 · Feb 25, 2014

A House of Representatives committee with broad investigative jurisdiction has turned up the heat on Target Corp, demanding that the No. 3 U.S. retailer turn over internal documents and messages describing how and when it learned of a recent massive consumer data breach.
Click to expand...

http://www.reuters.com/article/2014/02/25/us-usa-target-idUSBREA1O19720140225

siljaline · Mar 6, 2014

Target's head of technology resigns in wake of devastating data breach

Target's head of technology handed in her resignation today, months after the company suffered one of the largest data breaches in retail history. Beth Jacob, who has served as Target's chief information officer and executive vice president of technology services since 2008, is vacating both positions and departing the company immediately. According to CEO Gregg Steinhafel, the retailer has already launched a search for an interim CIO to help steer Target through a major security overhaul. "While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," Steinhafel said.
Click to expand...

http://www.theverge.com/2014/3/5/54...mation-offier-beth-jacob-resigns-after-breach | http://www.techmeme.com/140305/p16#a140305p16

siljaline · Mar 11, 2014

Target hackers showed intimate knowledge of firm's network, suggests McAfee

The attack that planted malware on Target’s point of sale (POS) terminals in November’s huge data breach used inside knowledge of the network rather than a vulnerability in its retail software, McAfee has said in its latest quarterly analysis.

Snippets of information on the attack’s engineering have been trickling out steadily since Target made the incident public in January, but this one suggests if not complexity then at least a degree of planning.
Click to expand...

http://news.techworld.com/security/...e-knowledge-of-firms-network-suggests-mcafee/

hawki · Mar 13, 2014

"Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

...Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …

Nothing happened.

For some reason, Minneapolis didn’t react to the sirens. Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.

Click to expand...

Full Story Here: http://www.businessweek.com/article...ed-alarms-in-epic-hack-of-credit-card-data#p1
http://www.businessweek.com/article...ed-alarms-in-epic-hack-of-credit-card-data#p1

siljaline · Mar 14, 2014

Major companies, like Target, often fail to act on malware alerts

Computerworld - Companies that suffer major data breaches almost always portray themselves as victims of cutting edge attack techniques and tools. The reality, though, is often much more mundane.

Case in point: Target, which last year was hit with a major data breach that exposed to hackers data on some 40 million credit and debit cards and personal data on another 70 million customers.
Click to expand...

http://www.computerworld.com/s/arti...ke_Target_often_fail_to_act_on_malware_alerts

kdcdq · Mar 17, 2014

Hey gents, I have pretty much read everything I have come across about the Target data breach, and I've got one huge unanswered question:

Does anyone know why Target's firewall did not alert and/or stop the mined credit card data from leaving their network to go the overseas server(s)?

vojta · Mar 18, 2014

Two posts above yours.

Minimalist · Mar 20, 2014

Target breach optioned as Sony feature film

The Target breach, and in particular the role of respected security blogger Brian Krebs in breaking the story, has been optioned as a feature film by Sony. The studio has bought the rights to the New York Times article, “Reporting From the Web’s Underbelly,” which told Krebs’ story in the wake of his exclusive revelations about the data breach at Target.
Click to expand...

hqsec

Dermot7 · Mar 25, 2014

(Reuters) -

Target Corp missed multiple opportunities to thwart the hackers responsible for the unprecedented holiday shopping season data breach, U.S. Senate staffers charged in a committee report released on Tuesday.
Click to expand...

http://www.reuters.com/article/2014/03/25/us-target-breach-senate-idUSBREA2O1VA20140325

vojta · Mar 26, 2014

They saw the iceberg and the captain shouted.........Full Throttle!

kdcdq · Mar 26, 2014

'Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to Target’s data breach, one of the largest on record.'

http://www.pcworld.com/article/2111...-named-in-targetrelated-suit.html#tk.nl_today

Log in or Sign up

Sources: Target Investigating Data Breach

lotuseclat79 Registered Member

ronjor Global Moderator

Dermot7 Registered Member

siljaline Registered Member

Justintime123 Registered Member

siljaline Registered Member

Dermot7 Registered Member

Dermot7 Registered Member

treepattern Registered Member

1PW Registered Member

ronjor Global Moderator

ronjor Global Moderator

Dermot7 Registered Member

Dermot7 Registered Member

Dermot7 Registered Member

siljaline Registered Member

siljaline Registered Member

hawki Registered Member

siljaline Registered Member

kdcdq Registered Member

vojta Registered Member

Minimalist Registered Member

Dermot7 Registered Member

vojta Registered Member

kdcdq Registered Member

Log in or Sign up

Sources: Target Investigating Data Breach

lotuseclat79 Registered Member

ronjor Global Moderator

Dermot7 Registered Member

siljaline Registered Member

Justintime123 Registered Member

siljaline Registered Member

Dermot7 Registered Member

Dermot7 Registered Member

treepattern Registered Member

1PW Registered Member

ronjor Global Moderator

ronjor Global Moderator

Dermot7 Registered Member

Dermot7 Registered Member

Dermot7 Registered Member

siljaline Registered Member

siljaline Registered Member

hawki Registered Member

siljaline Registered Member

kdcdq Registered Member

vojta Registered Member

Minimalist Registered Member

Dermot7 Registered Member

vojta Registered Member

kdcdq Registered Member

Useful Searches